[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security advisory for YubiKey 4: RSA generation broken

On Mon, 2017-10-16 at 21:06 +0200, Christian Seiler wrote:
> Unfortunately, as far as I understand it, there's no easy method for
> detecting these kinds of broken keys without actually attempting to
> factorize them - and while that's feasible (hence the vulnerability)
> it is still quite expensive - so there is currently no easy method of
> scanning through the Debian keyring for affected keys.

Actually that's wrong, the generation process leaves “fingerprints” which can
be used to identify keys. See for example:


These tools have been used to identify three vulnerable (sub)keys in the
Debian keyring (this is already been taken care of).


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: