Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
On Fri, May 16, 2008 at 11:26 AM, nicolas vigier <email@example.com> wrote:
> On Thu, 15 May 2008, Steinar H. Gunderson wrote:
>> No. Any key that had a single DSA signature created by the flawed version of
>> OpenSSL should be considered compromised. DSA requires a secret, random
>> number as part of the signature process; if someone figures it out, or you
>> use the same number twice, the entire secret key falls.
> If I understand correctly, it means that if you use a good key with a
> flawed openssl to connect to another host using that key, then that
> key can be considered compromised.
> But what about using a good key on a host with a good openssl, to
> connect to a server which uses a bad openssl?
The reason the former fails is because DSA needs a random number to
generate its signature (as Steinar describes). This signature is
obviously generated with the local openssl. Connecting to a remote
host with a bad openssl doesn't matter as the random number is
generated with your local good openssl.
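
Added example, not part of the original thread: a toy DSA in Python showing the two points made above, that the nonce is used only on the signing side while verification needs no randomness, and that a known or repeated nonce lets the signing equation be solved for the private key. The group parameters, key, nonce and messages are constructed for illustration, and the hash is simply reduced mod Q instead of being truncated as in real DSA.

```python
import hashlib
from math import isqrt

# Toy DSA group, constructed for this example; far too small for real use.
Q = 2**31 - 1                                   # prime subgroup order

def _is_prime(n):                               # trial division, fine at this size
    return n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))

P = next(p for p in (2 * j * Q + 1 for j in range(1, 10_000)) if _is_prime(p))
G = pow(2, (P - 1) // Q, P)                     # element of order Q
assert G != 1

def h(msg):                                     # simplification: hash reduced mod Q
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, msg, k):
    """Signer side: the only place the nonce k is chosen and used."""
    r = pow(G, k, P) % Q
    return r, pow(k, -1, Q) * (h(msg) + x * r) % Q

def verify(y, msg, sig):
    """Verifier (server) side: public values only, no randomness involved."""
    r, s = sig
    w = pow(s, -1, Q)
    return r == pow(G, h(msg) * w, P) * pow(y, r * w, P) % P % Q

def key_from_nonce(msg, sig, k):
    """s = k^-1 (h + x r)  =>  x = (s k - h) / r  (mod Q)."""
    r, s = sig
    return (s * k - h(msg)) * pow(r, -1, Q) % Q

def nonce_from_reuse(m1, sig1, m2, sig2):
    """Same k gives the same r; then k = (h1 - h2) / (s1 - s2)  (mod Q)."""
    if sig1[0] != sig2[0]:
        return None                             # different nonces: nothing to solve
    return (h(m1) - h(m2)) * pow((sig1[1] - sig2[1]) % Q, -1, Q) % Q

def demo():
    x, k = 123456789, 42424242                  # private key and nonce (constructed)
    a, b = sign(x, b"login 1", k), sign(x, b"login 2", k)
    reused = nonce_from_reuse(b"login 1", a, b"login 2", b)
    return verify(pow(G, x, P), b"login 1", a), key_from_nonce(b"login 1", a, reused)

if __name__ == "__main__":
    print(demo())
```

Both signatures verify as normal, so nothing on the verifying side reveals the problem; the weakness sits entirely in how the signer picked k.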