On Thu, 15 May 2008 08:09:02 +0200 Norbert Preining <preining@logic.at> wrote: > On Do, 15 Mai 2008, Steinar H. Gunderson wrote: > > No. Any key who had a single DSA signature created by the flawed version of > > OpenSSL should be considered compromised. DSA requires a secret, random > > Does this extend to gpg keys and its signatures? That would make quite > an impact. GnuPG does not use OpenSSL, so it should be safe. But generally it could be possible to use same key for both GnuPG and OpenSSL and then you would have a problem. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Attachment:
signature.asc
Description: PGP signature