[maemo-developers] OpenSSH vulnerability and maemo extras upload accounts.
From: Loïc Minier lool at dooz.orgDate: Tue May 20 10:57:18 EEST 2008
- Previous message: OpenSSH vulnerability and maemo extras upload accounts.
- Next message: OpenSSH vulnerability and maemo extras upload accounts.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, May 20, 2008, olle wrote: > > > "then" being 0.9.8c-1 released 17 Sep 2006. If your key is older > > > than that you are not affected by this issue. > > > > You are if you used your keys with an affected OpenSSL. > > No. If your key was generated before the bug was introduced, it is > most definately not affected. You could potentially still have a > problem if you use your (non predictable) key with a signature > scheme like DSA that needs randomness, though. If you use a *RSA* key generated before the bug was introduced, you might not be affected, but if you used a *DSA* key on an affected system, you are affected, even if it was generated 5 years ago. I wanted to correct the statement "If your key is older than that you are not affected by this issue.": there is no age limit at least for some keys. When in doubt, people should please check upstream resources such as: <http://wiki.debian.org/SSLkeys>. Thanks, -- Loïc Minier
- Previous message: OpenSSH vulnerability and maemo extras upload accounts.
- Next message: OpenSSH vulnerability and maemo extras upload accounts.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]