Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

[CaT <cat@zip.com.au>]

On Wed, May 14, 2008 at 12:17:14PM +0200, Jan Luehr wrote:
> > 1. Install the security updates
> >
> >    This update contains a dependency on the openssl update and will
> >    automatically install a corrected version of the libss0.9.8 package,
> >    and a new package openssh-blacklist.
> >
> >    Once the update is applied, weak user keys will be automatically
> >    rejected where possible (though they cannot be detected in all
> >    cases).  
> 
> It might be helpful to know, in what cases weak keys can / cannot be detected.

I think the only clearcut thing you can say is that unless you're 100%
sure your key is safe, it isn't and you should regen. In my case, I was
sure of one key and unsure of 250+ god-foresaken others.

Now I'm sure of them all. I'm also cranky, tired and hoping I never have
to do that again.

Tomorrow the 50+ self-signed and purchased SSL certs...

Life is filled with joy.

-- 
  "Police noticed some rustling sounds from Linn's bottom area
  and on closer inspection a roll of cash was found protruding
  from Linn's anus, the full amount of cash taken in the robbery."
    - http://www.smh.com.au/news/world/robber-hides-loot-up-his-booty/2008/05/09/1210131248617.html