Martin Peeks:
Interestingly, when I ran the tool it marked some of my RSA keys (including my RSA host keys on my own boxes) as "weak", so if you use RSA, don't be complacent. Your keys could still be weak and you should check with the tool (see another post I made to this list).
there are two different problems here:
1) any key (RSA or DSA) created with the affected OpenSSL version is insecure
2) any DSA private key used with the affected OpenSSL version could have been compromised
the tool only checks for case 1), because it can't possibly know where you've copied your key to and used it. so, there will be no difference for DSA vs RSA keys.
- river.
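
Why a checker of this kind can only cover case 1, as an added example (not the tool's own code and not part of the original message): it assumes the checker compares a fingerprint of each public key against a list of fingerprints of keys the affected OpenSSL version could generate. The key lines, helper names and fingerprint list below are all constructed for illustration.

```python
import base64
import hashlib
import struct

def make_line(key_type: str, body: bytes, comment: str) -> str:
    """Build a constructed 'type base64 comment' line (placeholder body, not a real key)."""
    t = key_type.encode()
    blob = struct.pack(">I", len(t)) + t + body  # SSH blobs start with a length-prefixed type
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def fingerprint(line: str) -> str:
    """Hash the decoded key blob; the result depends only on the key material."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("declared key type does not match key blob")
    return hashlib.sha256(blob).hexdigest()

def audit(lines, weak_fingerprints):
    """Return {comment: verdict}. 'not listed' means only that case 1 was not detected."""
    result = {}
    for line in lines:
        comment = line.split()[2]
        listed = fingerprint(line) in weak_fingerprints
        result[comment] = "weak" if listed else "not listed"
    return result

# Constructed sample data: two keys generated on an affected host (case 1) ...
RSA_BAD = make_line("ssh-rsa", b"generated-on-affected-host", "rsa-bad")
DSA_BAD = make_line("ssh-dss", b"generated-on-affected-host", "dsa-bad")
# ... and a DSA key generated elsewhere but later used on an affected host (case 2).
DSA_USED = make_line("ssh-dss", b"generated-elsewhere", "dsa-used-on-affected")
# Hypothetical list of fingerprints of keys the flawed generator can produce.
WEAK = {fingerprint(RSA_BAD), fingerprint(DSA_BAD)}

def demo():
    return audit([RSA_BAD, DSA_BAD, DSA_USED], WEAK)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

RSA and DSA keys from case 1 are flagged alike, while the case 2 key comes back "not listed" because nothing in the key material records where it was used; such keys have to be tracked down and replaced by other means.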