2008/8/24 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
OK, I checked and it is far from impossible. After all the bug was that there are only 32k possible keys per arch/size/type - Debian has even issued blacklists for all keys of typical und some untypical sizes like 1024/2048/1023/2047/4096/8192 and for some sizes they even packaged it up, see
http://packages.debian.org/unstable/main/openssh-blacklist http://packages.debian.org/unstable/main/openssh-blacklist-extra
If there is paranoia floating around, then why not use that blacklist in Fedora/RHEL as well instead of nuking all DSA keys and still allowing the bad RSA keys?
All RSA keys were nuked too.
And if your are really paranoic then one can package up these blacklists for general use by Fedora/RHEL's openssh. I don't know if openssh has a blacklist-reject ability already coded in, though.
No it does not.