[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssl security desaster

On Tue, May 27, 2008 at 04:51:36PM +0200, Florian Weimer wrote:
> > Well, I actually had false positives (on amd64) -- even freshly
> > generated keys with the new libopenssl package were reported as bad,
> > which irritated me a bit.
> And you've already deleted those keys, right?  How convenient. 8-/

No, actually, /all/ keys I generated were allegedly weak -- this means, after
executing ssh-keygen and dowkd.pl five times, I stuck to the key. (ssh-vulnkey
thinks it is fine though.) The dowkd.pl linked in the DSA has seemingly
changed, however. (IIRC, it wasn't gzipped nor generated a database before.)


Attachment: signature.asc
Description: Digital signature

Reply to: