Re: [Monotone-devel] [Fwd: [SECURITY] [DSA 1571-1] New openssl packages
From: Brian May
Subject: Re: [Monotone-devel] [Fwd: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator]
Date: Fri, 16 May 2008 09:16:28 +1000
User-agent: Thunderbird 2.0.0.14 (X11/20080505)
Zack Weinberg wrote:
> It occurred to me that monotone does have the ability to load signing
> keys into ssh-agent, which might have meant they got used with the bad
> random number generator; but monotone only uses RSA keys, so as I
> understand it that's not a problem.
>
What matters is how the key is initially generated. So monotone should
be OK, even with ssh-agent. However, both RSA and DSA keys (ssh, x509,
etc) are affected by the above security flaw when the key was generated
by the bad library.
Brian May