[Savannah-hackers-public] SSH keys weakness

savannah-hackers-public

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] SSH keys weakness

From:	Sylvain Beucler
Subject:	[Savannah-hackers-public] SSH keys weakness
Date:	Tue, 13 May 2008 23:00:44 +0000
User-agent:	Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

A vulnerability was discovered in Debian Etch's OpenSSL package:
http://lists.debian.org/debian-security-announce/2008/msg00152.html

This means that keys generated under this platform version are weak, and
easily crackable.

Consequently we've run the dowkd.pl tool and disabled keys considered weak.
They are marked as '# WEAK KEY' in the Savannah interface. Please remove or
regenerate these keys (after upgrading your openssl package); we also suggest
you look for other places where these keys were used, and replace them there
too.

The Savannah SSH host keys (cvs/git/arch/download.savannah.gnu.org) predate
Etch and are not impacted.

The savannah.gnu.org and savannah.nongnu.org https keys were generated
through GnuTLS and are not impacted.


_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers-public] SSH keys weakness, Sylvain Beucler <=

Prev by Date: [Savannah-hackers-public] Where I'm glad I genarated our https keys using GnuTLS :)
Next by Date: Re: [Savannah-hackers-public] Helping Savannah
Previous by thread: [Savannah-hackers-public] Where I'm glad I genarated our https keys using GnuTLS :)
Next by thread: [Savannah-hackers-public] Savannah unavailable
Index(es):
- Date
- Thread