
[Savannah-hackers-public] SSH keys weakness


From: Sylvain Beucler
Subject: [Savannah-hackers-public] SSH keys weakness
Date: Tue, 13 May 2008 23:00:44 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

A vulnerability was discovered in Debian Etch's OpenSSL package:
http://lists.debian.org/debian-security-announce/2008/msg00152.html

This means that keys generated under this platform version are weak, and
easily crackable.

Consequently we've run the dowkd.pl tool and disabled keys considered weak.
They are marked as '# WEAK KEY' in the Savannah interface. Please remove or
regenerate these keys (after upgrading your openssl package); we also suggest
you look for other places where these keys were used, and replace them there
too.

The Savannah SSH host keys (cvs/git/arch/download.savannah.gnu.org) predate
Etch and are not impacted.

The savannah.gnu.org and savannah.nongnu.org https keys were generated
through GnuTLS and are not impacted.


_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
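An added example, not part of the original message and not the code of dowkd.pl or Savannah: one way to audit an `authorized_keys` file against a list of known-weak key fingerprints and comment out the matches. It assumes the weak list is a caller-supplied set of MD5 fingerprints and that marking means prefixing the line with `# WEAK KEY`; the keys and the weak list below are constructed sample data.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types in common use in 2008


def key_blob(line):
    """Return the decoded key blob of an authorized_keys line, or None.

    A candidate only counts if it decodes to a blob that begins with its
    own length-prefixed key type, so text inside options is not mistaken."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # still inside the optional leading options field
        try:
            raw = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw.startswith(struct.pack(">I", len(field)) + field.encode()):
            return raw
    return None


def fingerprint(raw):
    """Colon-separated MD5 fingerprint of a decoded key blob."""
    digest = hashlib.md5(raw).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def mark_weak(text, weak_fingerprints):
    """Comment out keys on the weak list; return (new_text, flagged)."""
    out, flagged = [], []
    for line in text.splitlines():
        raw = None if line.lstrip().startswith("#") else key_blob(line)
        if raw is not None and fingerprint(raw) in weak_fingerprints:
            flagged.append(fingerprint(raw))
            line = "# WEAK KEY " + line  # assumed marking format
        out.append(line)
    return "\n".join(out), flagged


def constructed_key(modulus):
    """Constructed sample: a well-formed ssh-rsa entry, made-up modulus."""
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + modulus)
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(raw).decode()


KEY_A, KEY_B = constructed_key(b"\xc1" * 128), constructed_key(b"\xd2" * 128)
SAMPLE = KEY_A + ' alice@etch\ncommand="echo ssh-rsa x" ' + KEY_B + " bob@sarge"
WEAK = {fingerprint(key_blob(KEY_A))}  # constructed weak list, not real data
```

Calling `mark_weak(SAMPLE, WEAK)` returns the rewritten file text and the fingerprints that were disabled; lines that are already commented out are left alone, so a second pass flags nothing.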




