Re: openssl-blacklist & two keys per one pid

To: Kees Cook <kees@ubuntu.com>
Cc: Jan Tomasek <jan@tomasek.cz>, Jamie Strandboge <jamie@ubuntu.com>, debian-security@lists.debian.org
Subject: Re: openssl-blacklist & two keys per one pid
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 19 May 2008 14:17:42 +0200
Message-id: <[🔎] 874p8u5vyx.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20080518233458.GF12850@outflux.net> (Kees Cook's message of "Sun, 18 May 2008 16:34:58 -0700")
References: <[🔎] 4830B725.7070104@tomasek.cz> <[🔎] 20080518233458.GF12850@outflux.net>

* Kees Cook:

>> The rule is simple. When the ~/.rnd file doesn't exist I get one key and  
>> in other situation I get another (that listed in Ubuntu  
>> openssl-blacklist) key. Because of this problem openssl-blacklist has to  
>> be twice big than openssh-blacklist. I developed simple shell scripts to  
>> generate list of all key lengths we are interested in. They are attached.
>
> Yes, this was realized during the generation of the openssl-blacklist in
> Ubuntu.  We're expecting to have the more complete lists published soon,
> for all 3 architectures.

BTW, it appears that the same blacklist can be used for -3 and -F4 keys.
(Just in case you haven't checked that already.)

Reply to:

Follow-Ups:
- Re: openssl-blacklist & two keys per one pid
  - From: Dirk-Willem van Gulik <dirkx@webweaving.org>
- Re: openssl-blacklist & two keys per one pid
  - From: Bodo Moeller <bmoeller@acm.org>
- Re: openssl-blacklist & two keys per one pid
  - From: Stefan Fritsch <sf@sfritsch.de>

References:
- openssl-blacklist & two keys per one pid
  - From: Jan Tomasek <jan@tomasek.cz>
- Re: openssl-blacklist & two keys per one pid
  - From: Kees Cook <kees@ubuntu.com>

Prev by Date: Re: openssl-blacklist & two keys per one pid
Next by Date: Re: openssl-blacklist & two keys per one pid
Previous by thread: Re: openssl-blacklist & two keys per one pid
Next by thread: Re: openssl-blacklist & two keys per one pid
Index(es):
- Date
- Thread