On Tue, May 20, 2008 at 08:45:20PM +0100, Alexandros Papadopoulos wrote:
a) How/why were my active connections to the server killed right after
upgrading and
Don't know, I've never seen this behaviour on a debian system.
b) Why I am not allowed access now that I try to utilise the simplest
* Florian Weimer:
I've just uploaded a new version of dowkd.pl to the usual place:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
(OpenPGP signature)
I've just released version 0.9.3, which contains the
On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees
Cook [EMAIL PROTECTED] disait:
* Add empty DSA-2048, since they weren't any bad ones.
How is it possible?
I could be mistaken, but prior to openssl
Kees Cook un jour écrivit:
On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
I could be mistaken, but prior to openssl breaking, ssh-keygen stopped
allowing dsa 2048 keys, which means there wasn't a way to generate bad
ones:
It didn't before. At least not directly from
On Mon, May 19, 2008 at 02:17:42PM +0200, Florian Weimer wrote:
* Kees Cook:
The rule is simple. When the ~/.rnd file doesn't exist I get one key and
in other situation I get another (that listed in Ubuntu
openssl-blacklist) key. Because of this problem openssl-blacklist has to
be
Hi,
On Wed, May 21, 2008 at 05:42:43AM -0400, Simon Valiquette wrote:
Kees Cook un jour écrivit:
On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
I could be mistaken, but prior to openssl breaking, ssh-keygen stopped
allowing dsa 2048 keys, which means there wasn't a way to
On May 21, 2008, at 12:06 PM, Bodo Moeller wrote:
A more elaborate explanation seems in place to make sure that
we avoid uninentionally incomplete blacklists.
..
I'd expect there to be some significant overlapping between the
blacklists, but these should still be different lists: Many RSA
On Monday 19 May 2008, Florian Weimer wrote:
BTW, it appears that the same blacklist can be used for -3 and -F4
keys. (Just in case you haven't checked that already.)
RSA keys with exponent 3 should probably not be used at all, because
multiple implementations did not verify the signatures
On Wed, May 21, 2008 at 2:46 PM, Dirk-Willem van Gulik
[EMAIL PROTECTED] wrote:
On May 21, 2008, at 12:06 PM, Bodo Moeller wrote:
A more elaborate explanation seems in place to make sure that
we avoid uninentionally incomplete blacklists.
I'd expect there to be some significant overlapping
On Mon, 19 May 2008, Jan Tomasek wrote:
Kees Cook wrote:
The rule is simple. When the ~/.rnd file doesn't exist I get one key
and in other situation I get another (that listed in Ubuntu
openssl-blacklist) key. Because of this problem openssl-blacklist has
to be twice big than
Jamie Strandboge wrote:
I discovered that there is also 3rd key which you get if you pass empty
file by -rand. Keys created in this way are still the same so it's
another possible compromised key. I'm not sure if it worth spend time on
counting this keys...
Empty files vs non-existent
Regain your male attrctiveness! http://picturewest.com
Ike Downs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
12 matches
Mail list logo