Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Jan Luehr wrote:
> Hello,
>
> On Tuesday, 13 May 2008, Vincent Bernat wrote:
>> OoO On this cloudy early afternoon of Tuesday, 13 May 2008, around 14:06,
>>
>> Florian Weimer <fw@deneb.enyo.de> said:
>>> Package : openssl
>>> Vulnerability : predictable random number generator
>> Some other random questions:
>> - It seems that Firefox does not handle CRL unless manually imported,
>> correct? This means that in most cases already issued certificates
>> are still vulnerable even if revoked. A quick look seems to show that
>> most software does not handle CRL at all.
>> - As a maintainer of a package that has generated certificates using
>> OpenSSL, how should we handle the issue?
>>
>> For the last question, I see several solutions:
>> - the user has to read the DSA and handle it himself
>
> Since some keys are generated automatically (e.g. ssh host keys), users will
> have to regenerate keys they haven't generated in the first place and might
> not be aware of their existence.
> That's bad.
Unless I'm gravely mistaken, SSH keys aren't affected by this
vulnerability. OpenSSH and OpenSSL are separate, and your ssh program
generated its own keys.
-Corey