cvs: Permission denied (publickey).
Till Maas
opensource at till.name
Sun Aug 24 11:20:22 UTC 2008
On Sat August 23 2008, Jeffrey Ollie wrote:
> 2008/8/23 Axel Thimm <Axel.Thimm at atrpms.net>:
> > Have DSA keys now been banned?
>
> Yes.
>
> > Why?
>
> The primary reason is that it's nearly impossible to tell if the key
> was generated on a Debian system with the compromised OpenSSL
This is also true for RSA keys.
> versions. I've heard rumblings that DSA keys are weaker for other
> reasons, but I've not seen any good explanations.
| In addition, any DSA key must be considered compromised if it has been used
| on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
| generated with a 'good' OpenSSL) to make a connection from such a machine
| may have compromised it. This is due to an 'attack' on DSA that allows the
| secret key to be found if the nonce used in the signature is known or
| reused.
http://wiki.debian.org/SSLkeys#head-d841ac769390d013577ce3fd2be24b8cf5a74cfb
If you look at the descriptions of the dsa signing algorithm, e.g. in the
handbook of applied cryptography[1], you notice, that there is a random
parameter that is meant to kept secret.
Regards,
Till
[1] http://www.cacr.math.uwaterloo.ca/hac/about/chap11.pdf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080824/2449abb8/attachment.bin
More information about the infrastructure
mailing list