Re: SSH keys: DSA vs RSA
Steve Greenland <steveg@moregruel.net> writes:
> "brian m. carlson" <sandals@crustytoothpaste.ath.cx> wrote:
>> Therefore, anyone who had a DSA key has had it compromised...
> Shouldn't that be "anyone who had a DSA key *created by the flawed
> version of openssl* has had it compromised..."? Or are you asserting
> something stronger?
He's asserting something stronger. As I understand it, if you use a
perfectly valid and strong DSA key with a weak nonce (such as from a
broken random number generator), you just revealed your DSA key to someone
who knows what to look for and can brute-force or otherwise determine the
nonce.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: