blacklist.RSA-1024 missing?

To: debian-security@lists.debian.org
Subject: blacklist.RSA-1024 missing?
From: Vineet Kumar <vineet@doorstop.net>
Date: Thu, 15 May 2008 10:32:09 -0700
Message-id: <[🔎] 20080515173209.GA9466@doorstop.net>
Mail-followup-to: debian-security@lists.debian.org

I'm a bit concerned about the many 1024-bit RSA keys I have on my
system.  To be on the safe side, I'm removing them and replacing them
with newly-generated 2048-bit keys.

I wonder though, why there's no blacklist.RSA-1024 in the
openssh-blacklist package?  Running ssh-vulnkey tells me "Unknown (no
blacklist information)" for all of the 1024-bit RSA keys on my system.
This includes my host keys, meaning they weren't automatically replaced
by the new openssh-server's postinst.  (Perhaps the ssh-vulnkey -q test
should be strengthened to at least warn the user about "unknown" status
keys, rather than quietly allowing them?)

Vineet

-- 
http://www.doorstop.net/

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: blacklist.RSA-1024 missing?
  - From: Vineet Kumar <vineet@doorstop.net>
- Re: blacklist.RSA-1024 missing?
  - From: Jan Tomasek <jan@tomasek.cz>

Prev by Date: Re: blacklist.RSA-1024 missing?
Next by Date: Re: blacklist.RSA-1024 missing?
Previous by thread: openssh: working exploit on bugtraq
Next by thread: Re: blacklist.RSA-1024 missing?
Index(es):
- Date
- Thread