12 Comments
- smoothmoniker, on 05/14/2008, -0/+11: the update fixed the problem with openssh, but the update doesn't replace your public keys - after you update, you have to do that manually. Thus the digg.
If users don't manually regenerate their keys, they're still vulnerable to attack, even after the update.
- smoothmoniker, on 05/13/2008, -0/+9: Digg it up! This is important, and something diggers should be aware of.
- FKnight, on 05/13/2008, -1/+5: Doesn't help all the time and money that's going to be lost replacing the hundreds of thousands of X509 certs, SSH keys, and DNSSEC keys that have been created on Debian based distros over the past two years.
- ElectricKetchup, on 05/13/2008, -0/+3: I always thought that OpenSSL only used /dev/random for entropy and didn't use a prng (as long as /dev/random existed on the platform). Was I wrong? Does OpenSSL really use a prng and if so, why? I don't mind generating entropy with hardware interrupts while wiggling my mouse around to create a more secure private key.
- mccord, on 05/13/2008, -1/+4: more detailed info can be found on: http://lists.debian.org/debian-security-announce/2 ...
- daftman, on 05/14/2008, -2/+5: You've got that right about your comment
- Onestone, on 05/14/2008, -1/+2: True. But at least the update automatically regenerates OpenSSH cert and PK.
- SnowCrashv5, on 05/14/2008, -3/+2: the guy is right though, this will never make the front page. The horde of Ubuntu Spam Bots wouldn't allow it.
- SnowCrashv5, on 05/14/2008, -6/+3: obligatory to the ubuntu noobs: "in a nelson voice: ha ha"
- dualscreenman, on 05/13/2008, -6/+4: Already fixed in Ubuntu (and probably Debian), haters can stfu.
- FKnight, on 05/13/2008, -9/+4: This is so getting buried. Watch.
- FKnight, on 05/13/2008, -9/+2: Nah, it makes Linux look bad. That's why this will never reach the front page.
I got $12 says so.

