
Re: blacklist.RSA-1024 missing?



* Vineet Kumar (vineet@doorstop.net) [080515 10:39]:
> I was able to find blacklist.RSA-1024 in Ubuntu's openssl-blacklist
> package, and (fortunately) found that my 1024-bit RSA keys are in fact
> not blacklisted.

I guess this is probably because those keys were generated before
openssl 0.9.8c-1.  So in the usual case of people always going with the
default key length, I suppose 1024-bit RSA keys are generally not
vulnerable.  Still, someone could have generated a 1024-bit RSA key with
a vulnerable openssl, and so IMHO the blacklist file ought to be
included and used anyway.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Great spirits have always found violent opposition from mediocre minds. The
latter cannot understand it when a man does not thoughtlessly submit to
hereditary prejudices but honestly and courageously uses his intelligence."
-- Albert Einstein
