[Toolserver-l] [SECURITY] Debian OpenSSL bug may affect cryptographic keys generated or used on hemlock

River Tarnell river at wikimedia.org
Wed May 14 10:08:11 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Carl Fürstenberg:
> but surely, can't all the keys people are using for logging in have been compromised?

i'm not sure what you're asking here.  as far as i understand the problem,
using an SSH key to log into an affected server does not compromise the key.
(if it did, that would be very bad, because the point of asymmetric
cryptography is that the other end doesn't know your private key.)

the key _is_ affected if you copy the private part of the key to an affected
server and use it there.

	- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)

iEYEARECAAYFAkgqugcACgkQIXd7fCuc5vKmcQCfc7EOSyReiUzclEhrqVRLkZ51
gOUAoL+X5IkqeS31PREL1w6SpBGBH7PA
=Srv4
-----END PGP SIGNATURE-----


