[e-privacy] Debian flaw causes weak identity keys
Gian
g.ciotti at tirrenide.net
Wed May 14 12:22:52 CEST 2008
On 14.05.08, 12:13, Sanata wrote:
>> A bug in the Debian GNU/Linux distribution's OpenSSL package was
>> announced today. This bug would allow an attacker to figure out private
>> keys generated by these buggy versions of the OpenSSL library. Thus,
>> all private keys generated by affected versions of OpenSSL must be
>> considered to be compromised.
>
> Pessimo :(
>
> La vulnerabilita' si estende anche a gpg e dm-crypt che voi sappiate?
no:
"Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though"
http://lists.debian.org/debian-security-announce/2008/msg00152.html
--
Gian
member of A.G.O.W. #C10771
and orgoglione to be!
:(){ :|:&};:
More information about the E-privacy
mailing list