[maemo-developers] OpenSSH vulnerability and maemo extras upload accounts.
From: Dave Neary bolsh at gnome.orgDate: Tue May 20 11:20:58 EEST 2008
- Previous message: OpenSSH vulnerability and maemo extras upload accounts.
- Next message: OpenSSH vulnerability and maemo extras upload accounts.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Olle, olle wrote: > No. If your key was generated before the bug was introduced, it is > most definately not affected. You could potentially still have a > problem if you use your (non predictable) key with a signature > scheme like DSA that needs randomness, though. On a server, you have your private SSH key, and someone else adds an infected public SSH key to authorized_keys. By induction, your key is no longer trustworthy, since someone could have connected to your server via the untrustworthy key. As I understand it, this is the problem with "vulnerable by induction". I could be wrong, of course. Cheers, Dave. -- maemo.org docsmaster Email: dneary at maemo.org Jabber: bolsh at jabber.org
- Previous message: OpenSSH vulnerability and maemo extras upload accounts.
- Next message: OpenSSH vulnerability and maemo extras upload accounts.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]