Debian OpenSSL Weak Key Detector (dowkd) version 0.9
Hi,
I've just uploaded a new version of dowkd.pl to the usual place:
<http://security.debian.org/project/extra/dowkd/dowkd.pl.gz>
<http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc>
(OpenPGP signature)
This version should fix the most egregious issues in the user interface.
The blacklist has been extended, it is now compromised of:
OpenSSH: rsa1/1024 rsa/1024 rsa/2048 dsa/1024
OpenSSL: RSA/1024 RSA/2048
OpenVPN: shared secret files
Only little-endian architectures are currently covered (with the
exception of rsa/2048 and dsa/1024, which also includes 32-bit
big-endian architectures).
As far as OpenSSL formats are concerned, dowkd currently reads PEM files
with X.509 certificates ("BEGIN CERTIFICATE") and unencrypted RSA
private keys ("BEGIN RSA PRIVATE KEY").
Feedback is welcome. If you want to submit it privately, please send it
to <fw@deneb.enyo.de> and mention "dowkd" in the subject line. Thanks!
Florian
Reply to: