Simon Valiquette <[EMAIL PROTECTED]> writes:
>
> It seems that people are insisting quite a lot on the bad keys, but
> what worry me a lot more is that, apparently and very logically, past
> ssh connections and any SSL session keys are to be considered
> compromised.
After hastily reviewing the
Micah Anderson un jour écrivit:
* Simon Valiquette <[EMAIL PROTECTED]> [2008-05-14 16:36-0400]:
In other words, if a vulnerable key have been involved, and if someone
was able to intercept and save the encrypted data, he/she can now
decipher It, whether It is passwords, ssh sessions, secur
On Wed, 14 May 2008, Micah Anderson wrote:
> authenticity of the server. In other words, ssh sessions are not
> compromised just because an adversary has the host keys (unless a MITM
> is setup, in which case you need bot the host key and the authentication
> key to perform a mitm attack).
Ok. Bu
* Simon Valiquette <[EMAIL PROTECTED]> [2008-05-14 16:36-0400]:
>
>> Affected keys include SSH keys [...] and session keys used
> > in SSL/TLS connections.
>
> It seems that people are insisting quite a lot on the bad keys, but
> what worry me a lot more is that, apparently and very logically,
Affected keys include SSH keys [...] and session keys used
> in SSL/TLS connections.
It seems that people are insisting quite a lot on the bad keys, but
what worry me a lot more is that, apparently and very logically, past ssh
connections and any SSL session keys are to be considered compr
5 matches
Mail list logo
