[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] SSH keys weakness

From: Sylvain Beucler
Subject: [Savannah-hackers-public] SSH keys weakness
Date: Tue, 13 May 2008 23:00:44 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv: Gecko/20080404 Firefox/

A vulnerability was discovered in Debian Etch's OpenSSL package:

This means that keys generated under this platform version are weak, and
easily crackable.

Consequently we've run the tool and disabled keys considered weak.
They are marked as '# WEAK KEY' in the Savannah interface. Please remove or
regenerate these keys (after upgrading your openssl package); we also suggest
you look for other places where these keys were used, and replace them there

The Savannah SSH host keys (cvs/git/arch/ predate
Etch and are not impacted.

The and https keys were generated
through GnuTLS and are not impacted.

  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]