On Wed 14 May 2008, Josh Glover wrote:
> 2008/5/14 Nick Murtagh <nickm at go2.ie>:
> > FRLinux wrote:
> >> The private key is still considered as untrustworthy as stated by the
> >> advisory. That is the way i understand it.
> >
> > From what point of view? Could someone take the public cert and
> > derive the private key from it?
>> IANAM (Mathematician), but I believe that it is impossible to derive a
> private key from a public one. There is just not enough information in
> the public key. References:
I think the point is that there are only ~0.25m different keys that could be
generated by the broken openssl. So that it should relatively easy to find
the private key that matches your public one.
>>http://en.wikipedia.org/wiki/Digital_Signature_Algorithm#Key_generation>http://en.wikipedia.org/wiki/RSA#Key_generation>http://en.wikipedia.org/wiki/Diffie-Hellman#Description>> --
> Cheers,
> Josh
Paul.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
