[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl vulnerability and RSA keys

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/13/08 19:36, Nelson Castillo wrote:
> On Tue, May 13, 2008 at 7:05 PM, agenkin@gmail.com <agenkin@gmail.com> wrote:
>> On May 13, 2:20 pm, Ross Boylan <RossBoy...@stanfordalumni.org> wrote:
>>  > Does this mean that RSA keys for openssh should not be considered
>>  > compromised?  If so, why the need to regenerate them?
>>
>>  On our systems the dowkd.pl script found weak DSA and RSA keys, both
>>  as host keys, and as user-generated keypairs.  We've regenerated the
>>  RSA keys as well.
> 
> ~$ ./dowkd.pl  user nelson
> /home/nelson/.ssh/authorized_keys:1: weak key
> /home/nelson/.ssh/id_rsa.pub:1: warning: no suitable blacklist

$ ./dowkd.pl  user me
$

I think I generated my keys long-enough ago that they aren't broken.

- --
Ron Johnson, Jr.
Jefferson LA  USA

We want... a Shrubbery!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIKkYnS9HxQb37XmcRAtUEAKDHhx1sS9M3a6Eyu1GtXX+YYtv3NwCfXgxU
fTInSLMWPd+8amsUCHSBpxs=
=y5oG
-----END PGP SIGNATURE-----
Reply to: