On Wed, 21 May 2008, Jamie Strandboge wrote:
> > I discovered that there is also a 3rd key which you get if you pass an empty
> > file by -rand. Keys created in this way are still the same so it's
> > another possible compromised key. I'm not sure if it's worth spending time on
> > counting these keys...
> >
> Empty files vs non-existent result in the same key here.
> Dirk-Willem van Gulik found that this is not always true in his tests.

I discovered that 0.9.8g (and possibly 0.9.8f -- didn't check) creates
different moduli depending on if .rnd is empty or non-existent. Earlier
versions as included in Etch, Ubuntu Feisty and Ubuntu Gutsy do create the
same moduli in these cases, but unstable and Ubuntu Hardy do not. As such,
I am generating blacklists for this situation also.

Jamie

--
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/