LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Cryptographic weakness on Debian systems

Cryptographic weakness on Debian systems

Posted May 14, 2008 0:29 UTC (Wed) by cjwatson (subscriber, #7322)
In reply to: Cryptographic weakness on Debian systems by maxb
Parent article: Cryptographic weakness on Debian systems 

It would be more accurate to say that the SSH patch was contributed to Debian by Ubuntu, and
due to advisory timing issues happened to be released to Ubuntu first. (Canonical sponsored my
work on said patch, and had no problem with me doing some rapid hat-switching and using that
work for Debian openssh as well, since I'm also its primary maintainer.)

(Log in to post comments)

Cryptographic weakness on Debian systems

Posted May 14, 2008 1:23 UTC (Wed) by emk (subscriber, #1128) [Link] 

Well, many thanks for such a useful patch! I'm glad to hear it will soon be available for
Debian as well.

Cryptographic weakness on Debian systems

Posted May 14, 2008 10:54 UTC (Wed) by mbizon (subscriber, #37138) [Link] 

I have quite a lot of keys for which ssh-vulnkey has no blacklist information. Mainly 1024
bits RSA, and 4096 bits of both kind.

The README.compromised-keys does not give any hint about how these blacklist files where
generated.

Do you plan to release the tool to help generate them for any keysize, or to have more
pre-generated files included in openssh-blacklist ?

Cryptographic weakness on Debian systems

Posted May 14, 2008 11:15 UTC (Wed) by cjwatson (subscriber, #7322) [Link] 

At present I don't think it's wise to release what essentially amounts to exploit code. For
keys that aren't in the blacklist about which you aren't sure, I recommend looking at the
timestamp information (RSA keys generated before 17 Sep 2006, when the bug was introduced,
aren't vulnerable), but otherwise regenerate the key in case of doubt.

Cryptographic weakness on Debian systems

Posted May 15, 2008 10:53 UTC (Thu) by endecotp (guest, #36428) [Link] 

The complete set of vulnerable keys has now been published.

Cryptographic weakness on Debian systems

Posted May 17, 2008 7:50 UTC (Sat) by markshuttle (subscriber, #22379) [Link] 

I doubt that. The complete set would include all possible key sizes, For DSA that's fixed at
1024 bits, for RSA it's open-ended, though anybody with more than 4096 bits is being very
conservative ;-). We had a 16k-bit key at Thawte, but it blew up most crypto libraries and
toolkits at the time, so we didn't use it much.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds