Yes. That is my understanding.
We could put our web store back on line with the old certificate, but it
is theoretically possible* that someone has been able to find the
private key. Right now, we are playing it safe. If it takes several days
for our re-issued certificate to get signed, well...
—Barry
*But unlikely considering that any hackers have several million other
honeypots to hack.
On 10 Apr 2014, at 10:20, Joshua Thorp wrote:
according to
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat
apparently the bug gives access to a 64K chunk of RAM on the server.
The private key might be in that chunk, but probably won’t be…
however you will get different chunks over time so if you wait long
enough you might end up with a chunk that has a private key or
someone’s password.
—joshua
On Apr 10, 2014, at 10:05 AM, Owen Densmore wrote:
Hi Barry. How would the private keys be exposed? The pub/priv
computation is done locally, right?
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com