Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Security
ssl weak key generation (supposed to effect only debian)
 

Index | Next | Previous | View Flat


psk at informatik

May 17, 2008, 2:08 AM


Views: 3926
Permalink
ssl weak key generation (supposed to effect only debian)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

the recently publicized SSL weak key generation for debian-based systems
(c.f. http://www.debian.org/security/key-rollover/)
has lead our university computing center to retract our
Gentoo-generated SSL keys based on an advisory from the German
DFN cert :-(

I have not found any information about whether this might also
affect Gentoo systems. A test with the Perl script from
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
does not show vulnerability:
~ summary: keys found: 2, weak keys: 0

So I guess that Gentoo-generated keys are not affected.
Still it would be nice to have an official statement
to prevent official certification bodies from retracting
valid Gentoo-generated keys.

Regards,
Peter
- --
Peter Schneider-Kamp mailto:psk [at] informatik
LuFG Informatik II http://verify.rwth-aachen.de/psk
RWTH Aachen phone: +49 241 80-21211
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkguoJQACgkQ3VbrCXkKHhxQigCfSoeTKHLeq2nprKI5BuBgPJhg
KtgAniEai4bE7HnTDKNsA/pnspdVZMFU
=xywx
-----END PGP SIGNATURE-----
--
gentoo-security [at] lists mailing list

Subject User Time
ssl weak key generation (supposed to effect only debian) psk at informatik May 17, 2008, 2:08 AM
    Re: ssl weak key generation (supposed to effect only debian) rbu at gentoo May 17, 2008, 4:15 AM
        Re: ssl weak key generation (supposed to effect only debian) negentropy at verizon May 17, 2008, 6:10 PM
            Re: ssl weak key generation (supposed to effect only debian) falco at gentoo May 21, 2008, 9:37 AM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.