SSH DSA logins on crank.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Wed May 21 08:02:28 EDT 2008


Hi Chris,

On 19.05.2008 17:02, Chris Ball wrote:
> I've disabled logins with DSA keys on dev.laptop.org.  Turns out that
> while your RSA key is only vulnerable if *created* on a weak Debian or
> Ubuntu machine, your DSA key is vulnerable if *used* on Debian/Ubuntu¹,
> due to DSA having a greater reliance on randomness.
>
> Please mail sysadmin at rt.laptop.org if you were using a DSA key that you
> now need to replace.
>   

What happens to those who never logged in *from* a Debian/Ubuntu
machine? There's no reason to not let them keep their DSA key. The PRNG
on the target host doesn't even appear in the DSA signature creation
calculations and therefore is irrelevant to DSA key security.


Regards,
Carl-Daniel


