Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Peter Schneider-Kamp <psk@...>
Subject: ssl weak key generation (supposed to effect only debian)
Date: Sat, 17 May 2008 11:08:36 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

the recently publicized SSL weak key generation for debian-based systems
(c.f. http://www.debian.org/security/key-rollover/)
has lead our university computing center to retract our
Gentoo-generated SSL keys based on an advisory from the German
DFN cert :-(

I have not found any information about whether this might also
affect Gentoo systems. A test with the Perl script from
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
does not show vulnerability:
~  summary: keys found: 2, weak keys: 0

So I guess that Gentoo-generated keys are not affected.
Still it would be nice to have an official statement
to prevent official certification bodies from retracting
valid Gentoo-generated keys.

Regards,
Peter
- --
Peter Schneider-Kamp   mailto:psk@...
LuFG Informatik II     http://verify.rwth-aachen.de/psk
RWTH Aachen            phone: +49 241 80-21211
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkguoJQACgkQ3VbrCXkKHhxQigCfSoeTKHLeq2nprKI5BuBgPJhg
KtgAniEai4bE7HnTDKNsA/pnspdVZMFU
=xywx
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list


Replies:
Re: ssl weak key generation (supposed to effect only debian)
-- Robert Buchholz
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
AUTO: Janek Lünstedt ist außer Haus (Rückkehr am 14.04.2008)
Next by thread:
Re: ssl weak key generation (supposed to effect only debian)
Previous by date:
Re: Portage rsync security
Next by date:
Re: ssl weak key generation (supposed to effect only debian)


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.