Chris Ball wrote: > I've disabled logins with DSA keys on dev.laptop.org. Turns out that > while your RSA key is only vulnerable if *created* on a weak Debian or > Ubuntu machine, your DSA key is vulnerable if *used* on Debian/UbuntuĀ¹, > due to DSA having a greater reliance on randomness.
Hopefully this doesn't mean that the _private_ DSA key can be compromised if the _public_ key was copied on a Debian/Ubuntu machine. If something like this was even possible, as it would make the whole asymmetrical key scheme rather useless :-) Copying a private key on multiple machines always has been very poor security practice anyway. -- \___/ _| X | Bernie Innocenti - http://www.codewiz.org/ \|_O_| "It's an education project, not a laptop project!" _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel