Re: Accepted openssh-blacklist 0.3 (source all)
On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
> OoO On this cloudy night of Wednesday, May 21, 2008, around 01:32, Kees
> Cook <kees@outflux.net> said:
>
> > * Add empty DSA-2048, since there weren't any bad ones.
>
> How is it possible?
I could be mistaken, but prior to openssl breaking, ssh-keygen stopped
allowing dsa 2048 keys, which means there wasn't a way to generate bad
ones:
$ ssh-keygen -t dsa -b 2048
DSA keys must be 1024 bits
-Kees
--
Kees Cook @outflux.net