[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] [Fwd: [SECURITY] [DSA 1571-1] New openssl packages
From: |
Zack Weinberg |
Subject: |
Re: [Monotone-devel] [Fwd: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator] |
Date: |
Thu, 15 May 2008 15:16:40 -0400 |
On Wed, May 14, 2008 at 10:54 PM, Brian May
<address@hidden> wrote:
> Zack Weinberg wrote:
>>
>> Monotone does not use openssl at all, and so cannot be affected by this
>> bug.
>>
>
> Oops. My mistake. I thought it did.
It occurred to me that monotone does have the ability to load signing
keys into ssh-agent, which might have meant they got used with the bad
random number generator; but monotone only uses RSA keys, so as I
understand it that's not a problem.
zw