I guess I could have been more specific, openssl is the default ssl
implementation on most Linux boxen (AFAIK), although I have to say I
didn't know OpenSSH (default ssh on Linux boxen again) used ssl, I
always thought the OpenBSD guys only used their own tools when it came
to encryption.
David Golden wrote:
> On Friday 23 May 2008, James McCarthy wrote:
>>> It is my understanding that Ubuntu disc encryption is provided by
>> dm-crypt, which makes use of crypto api in the Linux kernel. And does
>> not use anything from OpenSSL, meaning the flaw announced is not
>> applicable?
>>>> Well, it's almostc certainly not applicable, but your phrasing is a bit
> loose, hinging on what you understand by "from OpenSSL":
>> Any ssh or ssl keypairs generated by ("from"...) the debian-mangled
> OpenSSL are weak. Stuff secured with such a keypair is at risk -
> doesn't matter if it's not using openssl at runtime, doesn't matter if
> it's not running on debian/debianoids.
>> HOWEVER, you don't usually use such keypairs in any part of a dm-crypt
> setup. :-)
>> You could have gone out of your way to involve openssl... but you'd
> almost certainly know it if you had:
>http://www.debian.org/security/key-rollover/#cryptsetup>
--
- James McCarthy
Software Engineer
Solaris PIT Group
Sun Microsystems Ireland.
--------------------------
Phone: +353-1-8119283
Email: james.mccarthy at sun.com
Blog: http://blogs.sun.com/breakdown
--------------------------
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
