Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
On Thu, 15 May 2008, Steinar H. Gunderson wrote:
> On Wed, May 14, 2008 at 06:22:37PM -0500, Steve Greenland wrote:
> >> Therefore, anyone who had a DSA key has had it compromised...
> > Shouldn't that be "anyone who had a DSA key *created by the flawed
> > version of openssl* has had it compromised..."? Or are you asserting
> > something stronger?
> No. Any key who had a single DSA signature created by the flawed version of
> OpenSSL should be considered compromised. DSA requires a secret, random
> number as part of the signature process; if someone figures it out, or you
> use the same number twice, the entire secret key falls.
If I understand correctly, it means that if you use a good key with a
flawed openssl to connect to an other host using that key, then that
key can be considered compromised.
But what about using a good key on a host with a good openssl, to
connect to a server which use a bad openssl ?