[Box Backup] Advice for users of Debian-derived systems affected by the OpenSSL fiasco -- assume compromise of all data

Bjarne Carlsen boxbackup@fluffy.co.uk
Mon, 19 May 2008 14:47:14 +0200


On Mon, 19 05 2008 at 13:07 +0100, Matt Brown wrote:
> What I have done in this instance is update the SSL on the affected
> server, recreate the CA and re-sign all existing clients csr.pem files
> and re-issue a new serverCA.pem ..

You've done exactly what was needed. As your .raw keys were generated on
a secure system, your data are safe.
You should consider the transfer itself compromised (which is no big
deal since the transferred data were encrypted).

Bjarne