Hi Olle, olle wrote: > No. If your key was generated before the bug was introduced, it is > most definately not affected. You could potentially still have a > problem if you use your (non predictable) key with a signature > scheme like DSA that needs randomness, though.
On a server, you have your private SSH key, and someone else adds an infected public SSH key to authorized_keys. By induction, your key is no longer trustworthy, since someone could have connected to your server via the untrustworthy key. As I understand it, this is the problem with "vulnerable by induction". I could be wrong, of course. Cheers, Dave. -- maemo.org docsmaster Email: [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED] _______________________________________________ maemo-developers mailing list [email protected] https://lists.maemo.org/mailman/listinfo/maemo-developers
