git.freedesktop.org IP change?

Daniel Stone daniel at fooishbar.org
Fri May 16 10:23:25 PDT 2008


On Fri, May 16, 2008 at 09:51:32AM -0700, Donnie Berkholz wrote:
> On 11:41 Fri 16 May     , Matthieu Herrb wrote:
> > Matthias Hopf wrote:
> > > On May 16, 08 00:50:51 -0400, Dan Phung wrote:
> > >> There was an ssh vulnerability that forced everbody to regenerate  
> > >> their ssh keys...that's probably the reason...
> > > 
> > > Everybody running Debian, strictly speaking.
> > > Other distros are not affected IIRC.
> > 
> > Other non-debian based distros are not affected, but DSA keys can be, 
> > even if they were generated on other systems: if a DSA key was used to 
> > authenticate against a vulnerable (thus potentially compromised) server, 
> > this key should be considered as compromised too.
> 
> Eh? Do you have any links describing how distributing my public key 
> could compromise my private key? That doesn't click in my head.

http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html is as
close as I could get to a coherent full explanation.

Cheers,
Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.x.org/archives/xorg/attachments/20080516/3ed0ece6/attachment.pgp>


More information about the xorg mailing list