-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Carl F?rstenberg:
but surely, can't all the keys people are using for logging in been compromized?
i'm not sure what you're asking here. as far as i understand the problem, using an SSH key to log into an affected server does not compromise the key. (if it did, that would be very bad, because the point of asymmetric cryptography is that the other end doesn't know your private key.)
the key _is_ affected if you copy the private part of the key to an affected server and use it there.
- river.