Re: SSH keys: DSA vs RSA

To: debian-devel@lists.debian.org
Subject: Re: SSH keys: DSA vs RSA
From: Russ Allbery <rra@debian.org>
Date: Wed, 14 May 2008 17:01:15 -0700
Message-id: <[🔎] 87fxsk4er8.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20080514232237.GA31252@moregruel.net> (Steve Greenland's message of "Wed\, 14 May 2008 18\:22\:37 -0500")
References: <87skwkg97p.fsf@mirexpress.internal.placard.fr.eu.org> <[🔎] 87skwky1vb.fsf@benfinney.id.au> <[🔎] 20080514231226.GA4481@crustytoothpaste.ath.cx> <[🔎] 20080514232237.GA31252@moregruel.net>

Steve Greenland <steveg@moregruel.net> writes:
> "brian m. carlson" <sandals@crustytoothpaste.ath.cx> wrote: 

>> Therefore, anyone who had a DSA key has had it compromised...

> Shouldn't that be "anyone who had a DSA key *created by the flawed
> version of openssl* has had it compromised..."? Or are you asserting
> something stronger?

He's asserting something stronger.  As I understand it, if you use a
perfectly valid and strong DSA key with a weak nonce (such as from a
broken random number generator), you just revealed your DSA key to someone
who knows what to look for and can brute-force or otherwise determine the
nonce.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: SSH keys: DSA vs RSA
  - From: Goswin von Brederlow <goswin-v-b@web.de>

References:
- SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: Ben Finney <bignose+hates-spam@benfinney.id.au>
- Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
- Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: Steve Greenland <steveg@moregruel.net>

Prev by Date: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Next by Date: Re: conglomeration packages (Re: Will nvidia-graphics-drivers ever transition to testing?)
Previous by thread: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Next by thread: Re: SSH keys: DSA vs RSA
Index(es):
- Date
- Thread