cryptographic keys should be regenerated during installation

Bug #337611 reported by Alon Swartz on 2009-03-04
Affects Status Importance Assigned to Milestone
TurnKey Linux
Fix Released
Alon Swartz

Bug Description

TurnKey appliances are vulnerable to a cryptographic weakness due to the usage of non-secret private keys.

This allows an attacker to effectively subvert encryption: decrypt traffic, perform man in the middle attacks, etc. Very bad news for a
system that relies on that encryption to survive in a hostile public network.

Alon Swartz (alonswartz) wrote :

Fix included in all appliances of the 2009.02 release.

Those using older versions are encouraged to manually regenerate their cryptographic keys

Changed in turnkeylinux:
assignee: nobody → alonswartz
importance: Undecided → High
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers