SSH DSA logins on crank.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at
Wed May 21 08:02:28 EDT 2008

Hi Chris,

On 19.05.2008 17:02, Chris Ball wrote:
> I've disabled logins with DSA keys on  Turns out that
> while your RSA key is only vulnerable if *created* on a weak Debian or
> Ubuntu machine, your DSA key is vulnerable if *used* on Debian/UbuntuĀ¹,
> due to DSA having a greater reliance on randomness.
> Please mail sysadmin at if you were using a DSA key that you
> now need to replace.

What happens to those who never logged in *from* a Debian/Ubuntu
machine? There's no reason to not let them keep their DSA key. The PRNG
on the target host doesn't even appear in the DSA signature creation
calculations and therefore is irrelevant to DSA key security.


More information about the Devel mailing list