savannah-cvs

[Savannah-cvs] [SshAccess] (edit) rephrase RSA vs. DSA and mention the l


From: Beuc
Subject: [Savannah-cvs] [SshAccess] (edit) rephrase RSA vs. DSA and mention the lack of official statement as well as pointers to non-officials
Date: Sun, 13 Jun 2010 19:44:40 +0000

??changed:
-Q: RSA or DSA?  A: RSA.
------------------------
-
-We recommend using only RSA keys, not DSA.  Full details are at 
http://meyering.net/nuke-your-DSA-keys/ (and its links); in short, on a system 
with a buggy OpenSSL library, DSA keys (but not RSA keys) can be easily cracked 
by an attacker sniffing enough traffic.
Q: RSA or DSA?
--------------

We recommend using only RSA keys, not DSA.

Full details are at `Jim's page <http://meyering.net/nuke-your-DSA-keys/>`_.
In short, on a system whose !OpenSSL library has a weak pseudo-random number 
generator or PRNG
(such as the one that `shipped with Debian Etch 
<http://www.debian.org/security/2008/dsa-1571>`_ in 2007-2008),
DSA private keys can be easily deduced by an attacker that sniffed enough of 
your traffic.

Note that this issue is not officially documented by the !OpenSSH project. The 
following posts in Debian mailing lists tend to confirm it:

* http://lists.debian.org/debian-devel/2008/05/msg00341.html
* http://lists.debian.org/debian-devel-announce/2008/05/msg00004.html
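
Review bot: The rewritten paragraph ("In short, on a system whose !OpenSSL library has a weak pseudo-random number generator or PRNG ...") drops the "(but not RSA keys)" qualifier that the removed text carried, so the section now recommends RSA without saying that RSA keys are unaffected by this failure mode. Suggest restoring it, for example "DSA private keys (but not RSA keys) can be easily deduced ...". The wording "on a system whose !OpenSSL library has a weak ... PRNG" also leaves open whether the risk applies to a DSA key that was merely used on such a system or only to one generated there; one sentence settling that, plus what a reader who already holds a DSA key should do, would make the recommendation actionable. Minor: "an attacker that sniffed" reads better as "an attacker who sniffed".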


--
forwarded from http://savannah.gnu.org/maintenance/address@hidden/maintenance


