ssl security desaster (was: Re: SSH keys: DSA vs RSA)
"Steinar H. Gunderson" <sgunderson@bigfoot.com>:
> On Thu, May 15, 2008 at 05:11:27AM +0200, Goswin von Brederlow wrote:
>
> > Also if you have 2 messages signed with the same random number you can
> > compute the secret key. It is more complicated then this but
> > simplified boils down to is computing k given (k + r) * Message1 ==
> > Signature1 and (k + r) * Message2 == Signature2.
>
> For the details, since everyone doesn't read Planet Debian:
>
> http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths
>
> /* Steinar */
If I understand this correctly, this means that not only should keys
generated with the broken ssl lib be considered compromised, but all
keys which were potentially used to create DSA signatures by those
broken libs.
In this case, the security advisory should clearly be updated. And
all advise about searching for weak keys should be removed as well,
because it leads to false sense of security. In fact, *all* keys used
on Debian machines should be considered compromised.
I also wonder, what will the Debian community change in their
processes to make such a security desaster less likely in the
future?
Martin
Reply to: