reset ssh keys, even if only a public key in fedora?

Simo Sorce ssorce at
Tue Aug 19 18:30:50 UTC 2008

On Tue, 2008-08-19 at 10:40 -0500, Jon Ciesla wrote:
> > Hi.
> >
> > On Tue, 19 Aug 2008 11:32:14 -0400, Simo Sorce wrote:
> >
> >> DSA keys can be compromised if the server you connect to is
> >> compromised. See discussions about the recent openssl debacle for
> >> debian.
> >
> > Which kind of invalidates the whole "public key" concept, doesn't it?
> :)  Yup.
> > Not wanting to start a new discussion about this, but the fact that
> > (some) debian-created keys were weak (and thus crackable) wasn't the
> > servers fault, but the fault of the client that generated the key in
> > the first place (unless I'm getting something seriously wrong).
> Correct.  It was also server keys, but that wouldn't compromise your own
> client key, just the security of the server's key.  To crack the
> encryption, you still need wither the private key or a lot of time and PCU
> cycles.  The debian issue simply reduced the number of CPU cycles.

As far as I know a compromised server key can make it much easier to
compromise a client key if this key is DSA.

I know no more crypto details, someone that knows them could comment


Simo Sorce * Red Hat, Inc * New York

More information about the devel mailing list