cvs: Permission denied (publickey).
opensource at till.name
Sun Aug 24 11:20:22 UTC 2008
On Sat August 23 2008, Jeffrey Ollie wrote:
> 2008/8/23 Axel Thimm <Axel.Thimm at atrpms.net>:
> > Have DSA keys now been banned?
> > Why?
> The primary reason is that it's nearly impossible to tell if the key
> was generated on a Debian system with the compromised OpenSSL
This is also true for RSA keys.
> versions. I've heard rumblings that DSA keys are weaker for other
> reasons, but I've not seen any good explanations.
| In addition, any DSA key must be considered compromised if it has been used
| on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
| generated with a 'good' OpenSSL) to make a connection from such a machine
| may have compromised it. This is due to an 'attack' on DSA that allows the
| secret key to be found if the nonce used in the signature is known or
If you look at the descriptions of the dsa signing algorithm, e.g. in the
handbook of applied cryptography, you notice, that there is a random
parameter that is meant to kept secret.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 827 bytes
Desc: This is a digitally signed message part.
More information about the Fedora-infrastructure-list