On 04/10/2014 07:46 PM, miguel.j...@gmail.com wrote:
If I used ossec-authd only once, and have since revoked the key that was
generated, but already had a number of keys generated *prior* to any use
of ossec-authd, those original keys are safe and need not be revoked,
correct?
Just want to make sure :)
If there were no keys exchanged during the time when authd was running,
then there is no exposure and hence, no risk to those keys. But keep in
mind that theoretically there could have been other items in memory that
have been leaked.
All of this is entirely theoretical and assumes ossec is vulnerable,
which is not even clear. I think the risk, even for someone who had
authd running for the past couple of days, is extremely low. But that is
for each user to decide.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
