Re: openssl-blacklist & two keys per one pid
* Kees Cook:
>> The rule is simple. When the ~/.rnd file doesn't exist I get one key, and
>> in the other situation I get another key (the one listed in the Ubuntu
>> openssl-blacklist). Because of this problem, openssl-blacklist has to
>> be twice as big as openssh-blacklist. I developed simple shell scripts to
>> generate a list of all key lengths we are interested in. They are attached.
>
> Yes, this was realized during the generation of the openssl-blacklist in
> Ubuntu. We're expecting to have the more complete lists published soon,
> for all 3 architectures.
BTW, it appears that the same blacklist can be used for -3 and -F4 keys.
(Just in case you haven't checked that already.)