On Tue, May 27, 2008 at 04:51:36PM +0200, Florian Weimer wrote: > > Well, I actually had false positives (on amd64) -- even freshly > > generated keys with the new libopenssl package were reported as bad, > > which irritated me a bit. > > And you've already deleted those keys, right? How convenient. 8-/ No, actually, /all/ keys I generated were allegedly weak -- this means, after executing ssh-keygen and dowkd.pl five times, I stuck to the key. (ssh-vulnkey thinks it is fine though.) The dowkd.pl linked in the DSA has seemingly changed, however. (IIRC, it wasn't gzipped nor generated a database before.) Patrik
Attachment:
signature.asc
Description: Digital signature