Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
hosts.allow would be better, and stays constant across reboots.
Cryptographic weakness on Debian systems
Posted May 13, 2008 20:14 UTC (Tue) by emk (guest, #1128)
Fair enough. :-) I just needed a short-term fix while reading the advisories, and thought I'd
I'm relatively impressed by the Ubuntu patch, with its built-in blacklist and support for
regenerating host keys. (Time will tell if this code actually works.)
The Debian patch? Not so much. I'm still waiting to see how long it takes for anything other
than a placeholder to appear here:
Posted May 13, 2008 22:10 UTC (Tue) by maxb (guest, #52055)
The SSH package update in Ubuntu is taken straight from Debian. However, whilst Ubuntu have
published it as a security update, Debian have not (yet?). The package is currently in
Posted May 14, 2008 0:29 UTC (Wed) by cjwatson (subscriber, #7322)
It would be more accurate to say that the SSH patch was contributed to Debian by Ubuntu, and
due to advisory timing issues happened to be released to Ubuntu first. (Canonical sponsored my
work on said patch, and had no problem with me doing some rapid hat-switching and using that
work for Debian openssh as well, since I'm also its primary maintainer.)
Posted May 14, 2008 1:23 UTC (Wed) by emk (guest, #1128)
Well, many thanks for such a useful patch! I'm glad to hear it will soon be available for
Debian as well.
Posted May 14, 2008 10:54 UTC (Wed) by mbizon (subscriber, #37138)
I have quite a lot of keys for which ssh-vulnkey has no blacklist information. Mainly 1024
bits RSA, and 4096 bits of both kind.
The README.compromised-keys does not give any hint about how these blacklist files where
Do you plan to release the tool to help generate them for any keysize, or to have more
pre-generated files included in openssh-blacklist ?
Posted May 14, 2008 11:15 UTC (Wed) by cjwatson (subscriber, #7322)
At present I don't think it's wise to release what essentially amounts to exploit code. For
keys that aren't in the blacklist about which you aren't sure, I recommend looking at the
timestamp information (RSA keys generated before 17 Sep 2006, when the bug was introduced,
aren't vulnerable), but otherwise regenerate the key in case of doubt.
Posted May 15, 2008 10:53 UTC (Thu) by endecotp (guest, #36428)
The complete set of vulnerable keys has now been published.
Posted May 17, 2008 7:50 UTC (Sat) by markshuttle (subscriber, #22379)
I doubt that. The complete set would include all possible key sizes, For DSA that's fixed at
1024 bits, for RSA it's open-ended, though anybody with more than 4096 bits is being very
conservative ;-). We had a 16k-bit key at Thawte, but it blew up most crypto libraries and
toolkits at the time, so we didn't use it much.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds