On Fri, May 16, 2008 at 05:26:09PM +0200, nicolas vigier wrote:
> If I understand correctly, it means that if you use a good key with a flawed openssl to connect to another host using that key, then that key can be considered compromised.
If I have a DSA key, and the client (my machine) has a bad OpenSSL, then I have exposed my secret key. This is because I generate the random data on the client.
> But what about using a good key on a host with a good openssl, to connect to a server which uses a bad openssl?
Since the random data is generated on the client, I have not exposed my key. However, if Diffie-Hellman key exchange is used, the session key is probably insecure, and thus it is easy to sniff the messages. Note that this only applies to DSA. RSA keys only use random data to pad the signature (such as in PKCS #1), and so it is much less likely that you have exposed the secret key. (For the unlikely situation that you have, see "Low Encryption Exponent Attack against RSA", Applied Cryptography, p.472).

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187