Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
On Wed, May 14, 2008 at 12:17:14PM +0200, Jan Luehr wrote:
> > 1. Install the security updates
> >
> > This update contains a dependency on the openssl update and will
> > automatically install a corrected version of the libss0.9.8 package,
> > and a new package openssh-blacklist.
> >
> > Once the update is applied, weak user keys will be automatically
> > rejected where possible (though they cannot be detected in all
> > cases).
>
> It might be helpful to know, in what cases weak keys can / cannot be detected.
I think the only clearcut thing you can say is that unless you're 100%
sure your key is safe, it isn't and you should regen. In my case, I was
sure of one key and unsure of 250+ god-foresaken others.
Now I'm sure of them all. I'm also cranky, tired and hoping I never have
to do that again.
Tomorrow the 50+ self-signed and purchased SSL certs...
Life is filled with joy.
--
"Police noticed some rustling sounds from Linn's bottom area
and on closer inspection a roll of cash was found protruding
from Linn's anus, the full amount of cash taken in the robbery."
- http://www.smh.com.au/news/world/robber-hides-loot-up-his-booty/2008/05/09/1210131248617.html
Reply to: