[unisog] FYI: Debian/Ubuntu SSL/SSH vulnerability, logging issues

Florian Weimer fw at deneb.enyo.de
Fri May 23 19:16:41 GMT 2008


* Reed Loden:

> You'd be much better off using Ubuntu's ssh-vulnkey program than the
> dowkd.pl script, as it has a more expansive blacklist, checks more
> things, and has less false positives.

Note that dowkd has not false positives I know of.  So far, for each
alleged false positive where I was given a public key, I could provide a
factorization of the RSA modulus.


More information about the unisog mailing list