Re: [Hampshire] OpenSSL in Debian is broken

Top Page
This message is part of the following thread:
M+++\the complete thread tree sorted by date
MMMMMHugo Mills at <-
.MMMM\Hugo Mills at ->

Reply to this message
Author: Steve Kemp
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] OpenSSL in Debian is broken
On Tue May 13, 2008 at 08:57:50 -0400, Andy Random wrote:

> I assume this means that Ubuntu, Mepis and other Debian derivatives also
> suffer the same issue? If so I hope they will be pushing through security
> updates ASAP...

The pain of this one is that a security update will only prevent you
from creating weak keys in the future - it doesn't protect you in any
way from any keys you've created previously which are now trivially
crackable ..

Expect lots more news on this going forward ..

Steve
--


This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] OpenSSL in Debian is brokenRe: [Hampshire] OpenSSL in Debian is broken->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)