[afnog] Debian, Ubuntu crypto weakness exploits now in the wild
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon May 19 08:38:27 UTC 2008
On Fri, May 16, 2008 at 10:00:57PM +0200,
Phil Regnauld <regnauld at x0.dk> wrote
a message of 26 lines which said:
> ... and understand that you do not need to be running Debian or
> Ubuntu to have a problem. If you have Debian or Ubuntu generated
> SSH public keys you have placed on public servers, these can be
> compromisedas well, using brute force attacks at this point:
The opposite is also true. If you have DSA keys (RSA is apparently not
vulnerable), even if they were generated on a non-Debian machine, and
if you used them (use == load the private part) on a vulnerable Debian
machine, your DSA key is compromised.
Mathematical explanations in
<http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html>
More information about the afnog
mailing list