
Crypto and big-ass eff-ups

May 17th, 2008 by Malcolm

Given this - Summary:
Essentially, to make debugging easier, the OpenSSL volunteers (highly skilled volunteers eff-up as much as anyone else, mind you - someone should pay these people) and the Debian volunteers (same situation, but with less computer security sauce) authorized the Debian volunteers to completely cripple many open-source crypto protocols. Not that they hijacked and crippled every system, but they sort of unknowingly crippled a core crypto system pretty much everyone relies on, and apparently no one noticed for about a year.

Anyway, given that, I finally went and figured out how to use SSH with honest-to-goodness asymmetric-key certificates instead of just the interactive on-the-fly crypto it provides, where you type in your password every time. It turns out that the crypto was so crippled that for anyone in the know, if they were sniffing your traffic and you were using the on-the-fly crypto, you may as well have been typing your passwords in the clear.

If you use DreamHost, there are good generic and PuTTY-specific instructions on the support Wiki.
