I want to clarify something here:<br><br>This affects not just the server keys, but also any user keys that may have been generated (e.g., id_rsa).<br><br>Thus, if you have an authorized_keys entry for a key generated from an Ubuntu or Debian system, the prudent thing is probably to delete it, and regenerate your user keys.<br>
<br><br>Mike<br><br><div class="gmail_quote">On Thu, May 15, 2008 at 10:49 AM, Christopher DeMarco &lt;<a href="mailto:demarco@maya.com">demarco@maya.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Thu, May 15, 2008 at 10:32:09AM -0400, Brian Sammon wrote:<br>
<br>
> > I haven't seen any discussion of this, but it's actually very important.<br>
> > Some time ago, approximately two years, a single line was removed from the<br>
> > Debian installation of OpenSSL. Reading around, it looks like it was<br>
> > removed because the line caused a problem when profiling the code with<br>
> > Valgrind. Unfortunately, this had the nasty side effect of reducing the<br>
> > possible key space to 2^15 keys instead of 2^1024 possible keys. Yeah, it<br>
><br>
> Reference?<br>
<br>
</div>The horse's mouth, as it were...<br>
<br>
<a href="http://www.debian.org/security/2008/dsa-1576" target="_blank">http://www.debian.org/security/2008/dsa-1576</a><br>
<div class="Ih2E3d"><br>
<br>
--<br>
Christopher DeMarco &lt;<a href="mailto:demarco@maya.com">demarco@maya.com</a>&gt;<br>
IT Director<br>
MAYA Group<br>
+1-412-488-2900<br>
<br>
_______________________________________________<br>
</div><div><div></div><div class="Wj3C7c">wplug mailing list<br>
<a href="mailto:wplug@wplug.org">wplug@wplug.org</a><br>
<a href="http://www.wplug.org/mailman/listinfo/wplug" target="_blank">http://www.wplug.org/mailman/listinfo/wplug</a><br>
</div></div></blockquote></div><br>
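The authorized_keys clean-up suggested at the top of this thread, sketched as an added example that is not part of the original messages: it fingerprints each entry and reports those found on a list of known-weak fingerprints. The key blobs, the sample file and the weak list are constructed placeholders; a real audit would load the fingerprint list published for the affected keys, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types checked in this sketch

def md5_fingerprint(blob_b64):
    """Colon-separated MD5 fingerprint of a base64 public-key blob."""
    digest = hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_entry(line):
    """Return (key_type, blob, comment) for one authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options such as command="..." may precede the key type, so scan for it.
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return field, fields[i + 1], " ".join(fields[i + 2:])
    return None

def audit(text, weak_fingerprints):
    """List (line_number, comment, fingerprint) for entries on the weak list."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        try:
            fingerprint = md5_fingerprint(entry[1])
        except (binascii.Error, ValueError):
            continue  # not a decodable key blob; skip it
        if fingerprint in weak_fingerprints:
            hits.append((number, entry[2], fingerprint))
    return hits

# Constructed sample data: these blobs are placeholders, not real keys.
WEAK_BLOB = base64.b64encode(b"constructed weak key").decode()
GOOD_BLOB = base64.b64encode(b"constructed good key").decode()
SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    "ssh-rsa " + GOOD_BLOB + " alice@laptop",
    'command="backup now",no-pty ssh-dss ' + WEAK_BLOB + " backup@debian-box",
])
WEAK_FINGERPRINTS = {md5_fingerprint(WEAK_BLOB)}
```

Calling `audit(SAMPLE, WEAK_FINGERPRINTS)` flags only line 3, the entry whose comment is `backup@debian-box`; entries it reports are the ones to delete and regenerate.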