On Tue, May 20, 2008, olle wrote: > > > "then" being 0.9.8c-1 released 17 Sep 2006. If your key is older > > > than that you are not affected by this issue. > > > > You are if you used your keys with an affected OpenSSL. > > No. If your key was generated before the bug was introduced, it is > most definately not affected. You could potentially still have a > problem if you use your (non predictable) key with a signature > scheme like DSA that needs randomness, though.
If you use a *RSA* key generated before the bug was introduced, you might not be affected, but if you used a *DSA* key on an affected system, you are affected, even if it was generated 5 years ago. I wanted to correct the statement "If your key is older than that you are not affected by this issue.": there is no age limit at least for some keys. When in doubt, people should please check upstream resources such as: <http://wiki.debian.org/SSLkeys>. Thanks, -- Loïc Minier _______________________________________________ maemo-developers mailing list maemo-developers@maemo.org https://lists.maemo.org/mailman/listinfo/maemo-developers
