[Bug 237391] Re: ssh-keygen should default to dsa not rsa
Neal McBurnett
neal at bcn.boulder.co.us
Wed Jun 4 18:33:08 BST 2008
Why? Based on recent events, I would think DSA would be considered
worse, not better than RSA. E.g. from http://wiki.debian.org/SSLkeys
"any DSA key must be considered compromised if it has been used on a
machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
generated with a 'good' OpenSSL) to make a connection from such a
machine may have compromised it. This is due to an 'attack' on DSA that
allows the secret key to be found if the nonce used in the signature is
known or reused."
--
ssh-keygen should default to dsa not rsa
https://bugs.launchpad.net/bugs/237391
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list