Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
On Wed, May 14, 2008 at 07:33:43PM +0200, Jan Luehr wrote:
> > To check all your own keys, assuming they are in the standard
> > locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):
> >
> > ssh-vulnkey
>
> I took a look at it and found two large blacklist containing lots of keys -
> but no info on how these lists are generated - that makes me wonder:
>
> Afair DSA keys ought to be considered compromised, even if they aren't
> generated by a broken libssl - so what's the sense in here?
>
> For the RSA part:
> Is it possible that file contains non-broken keys or that broken keys are not
> listed? What's the criteria for RSA-keys to be listed?
Indeed. After all the hassle I went through to make sure I'm sorted I'm
now lumped with two lookup lists which might generate false positives
and are just generally useless. I can't even not install the package
because it's in the Depends line rather then Recommends or Suggests or
whatnot. :/
--
"Police noticed some rustling sounds from Linn's bottom area
and on closer inspection a roll of cash was found protruding
from Linn's anus, the full amount of cash taken in the robbery."
- http://www.smh.com.au/news/world/robber-hides-loot-up-his-booty/2008/05/09/1210131248617.html
Reply to: