[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] SSH keys weakness
From: |
Sylvain Beucler |
Subject: |
[Savannah-hackers-public] SSH keys weakness |
Date: |
Tue, 13 May 2008 23:00:44 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 |
A vulnerability was discovered in Debian Etch's OpenSSL package:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
This means that keys generated under this platform version are weak, and
easily crackable.
Consequently we've run the dowkd.pl tool and disabled keys considered weak.
They are marked as '# WEAK KEY' in the Savannah interface. Please remove or
regenerate these keys (after upgrading your openssl package); we also suggest
you look for other places where these keys were used, and replace them there
too.
The Savannah SSH host keys (cvs/git/arch/download.savannah.gnu.org) predate
Etch and are not impacted.
The savannah.gnu.org and savannah.nongnu.org https keys were generated
through GnuTLS and are not impacted.
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-hackers-public] SSH keys weakness,
Sylvain Beucler <=