Modify

Opened 5 years ago

Last modified 4 years ago

#12120 new defect

SSH servers shouldn't use DSA

Reported by: nextgens Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: DSA entropy randomness security Cc:

Description

The various SSH servers packaged with openwrt should be tweaked NOT to use DSA keys.

DSA relies on 'proper randomness' to be available during each operation... that's hardly ever the case on embedded systems where openwrt is likely to run.

http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

Attachments (0)

Change History (1)

comment:1 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.