[Klug-general] SSL bug
Karl Lattimer
karl at qdh.org.uk
Thu May 22 13:36:57 BST 2008
On Thu, 22 May 2008 12:27:11 +0000, Andy Smith <andy at lug.org.uk> wrote:
> Hi,
>
> On Thu, May 22, 2008 at 08:10:23AM -0400, Karl Lattimer wrote:
>> p.s. I'm especially laughing now because you continue to put your PGP
> sigs
>> on messages, they aren't worth shit anymore, and every signature sent in
>> the past is even worse, every encrypted message you've ever sent are
> belong
>> to us!
>
> The OpenSSL cock-up does not affect PGP/GPG.
>
> Note there is also a possible arbitrary remote execution in gnutls
> going round this week.
>
Sorry but it was my understanding that id_rsa and id_dsa key generation was
ballsed up. I was asked to regenerate my gpg keys as well.
Maybe this was overzealous on the part of those requesting... But remember
that its not easy to implement public key cryptography, it might be that
the libraries are used in some way.
K,
More information about the Kent
mailing list