Re: dowkd.pl false positives

To: Florian Weimer <fw@deneb.enyo.de>
Cc: debian-security@lists.debian.org
Subject: Re: dowkd.pl false positives
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
Date: Mon, 19 May 2008 17:44:36 +0200
Message-id: <[🔎] BA681C77-F5D6-4499-A07E-3210D7827A4A@webweaving.org>
In-reply-to: <[🔎] 87abipi0gq.fsf@mid.deneb.enyo.de>
References: <[🔎] 87abipi0gq.fsf@mid.deneb.enyo.de>


On May 17, 2008, at 2:23 PM, Florian Weimer wrote:

Someone has added a warning to the wiki page
<http://wiki.debian.org/SSLkeys> that dowdkd.pl "produces many false
positives".

Even if there are bugs in the script, this is *very* unlikely.  Could
someone please provide such an alleged false positive?

Perhaps confusion over false negatives - as the current ring does notinclude

all endian/cpu flavours - it is possible (currently) for it to return no

compromised keys - while there are in fact some. As the tool does notyet

check for all keys.

Dw.

Reply to:

Follow-Ups:
- Re: dowkd.pl false positives
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- dowkd.pl false positives
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by Date: Re: ssh-vulnkey and authorized_keys
Previous by thread: dowkd.pl false positives
Next by thread: Re: dowkd.pl false positives
Index(es):
- Date
- Thread