Ross Boylan <[EMAIL PROTECTED]> writes:
>
> The recent security advisory for Debian's version of openssl says that
> you should regenerate all keys, and that DSA keys should be considered
> compromised.
>
> Does this mean that RSA keys for openssh should not be considered
> compromised?  If so, why the need to regenerate them?

To clarify, *all* SSH keys, whether DSA or RSA, generated using the
bad version of OpenSSL are garbage: they are easily guessable.

Furthermore, as I read the advisories and other sources, because of
the way DSA keys are used, even strong DSA keys (generated by good
versions of OpenSSL) are compromised if they were used locally with
the bad OpenSSL.

"Locally" here means that the strong DSA key was used on the same side
of the connection as the bad OpenSSL: if you used a user DSA key to
"ssh" to a remote server and your local OpenSSL library was bad, or if
a server DSA key was used by "sshd" to accept a remote connection and
the server's OpenSSL library was bad, then the respective key is
compromised (even if it was a strong key generated by a good OpenSSL
library).

"Compromised" means that anyone who intercepted and saved such an SSH
conversation can now use this new knowledge of the OpenSSL
vulnerability to recover the private DSA key from the connection data.

At least, that's how I've interpreted what I've heard.

-- 
Kevin Buhr <[EMAIL PROTECTED]>
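
Added example, not part of the original message: every DSA signature uses a secret per-signature random number k, and anyone who learns k for a single signature can solve the signing equation for the private key, which is why a key generated on a good system is still exposed once it signs with a predictable random source. The group parameters, function names and message below are constructed toy values for illustration.

```python
# Toy DSA (constructed parameters, far too small for real use) showing that
# the private key x falls out of one signature once its k is known.
import hashlib

P, Q, G = 283, 47, 64  # Q is prime and divides P-1; G has order Q modulo P


def digest(msg: bytes) -> int:
    """Message hash reduced into the toy group's exponent range."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(x: int, msg: bytes, k: int) -> tuple[int, int]:
    """DSA signature with private key x and per-signature secret k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("unusable k for this message, a signer would retry")
    return r, s


def verify(y: int, msg: bytes, r: int, s: int) -> bool:
    """Standard DSA verification against public key y = G^x mod P."""
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def private_key_given_k(msg: bytes, r: int, s: int, k: int) -> int:
    """Rearranged signing equation: s = k^-1 (h + x r)  =>  x = (s k - h) r^-1 (mod Q)."""
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q


if __name__ == "__main__":
    x = 29                      # "strong" private key, generated elsewhere
    y = pow(G, x, P)            # matching public key
    msg = b"constructed session data"
    for k in range(5, Q):       # stand-in for a value the random source leaked
        try:
            r, s = sign(x, msg, k)
            break
        except ValueError:
            continue
    print("signature verifies:", verify(y, msg, r, s))
    print("key derived from (r, s, k):", private_key_given_k(msg, r, s, k), "actual:", x)
```

The signature is valid and the key itself was never weak; the exposure comes entirely from k, so replacing the key is the only remedy once it has signed on an affected system.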

