cvs: Permission denied (publickey).

Till Maas opensource at
Sun Aug 24 11:20:22 UTC 2008

On Sat August 23 2008, Jeffrey Ollie wrote:
> 2008/8/23 Axel Thimm <Axel.Thimm at>:

> > Have DSA keys now been banned?
> Yes.
> > Why?
> The primary reason is that it's nearly impossible to tell if the key
> was generated on a Debian system with the compromised OpenSSL

This is also true for RSA keys.

> versions.  I've heard rumblings that DSA keys are weaker for other
> reasons, but I've not seen any good explanations.

| In addition, any DSA key must be considered compromised if it has been used
| on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
| generated with a 'good' OpenSSL) to make a connection from such a machine
| may have compromised it. This is due to an 'attack' on DSA that allows the
| secret key to be found if the nonce used in the signature is known or
| reused.

If you look at the descriptions of the dsa signing algorithm, e.g. in the 
handbook of applied cryptography[1], you notice, that there is a random 
parameter that is meant to kept secret.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Fedora-infrastructure-list mailing list