Guido Hennecke wrote:
At 15.05.2008, Vineet Kumar wroteI was able to find blacklist.RSA-1024 in Ubuntu's openssl-blacklist package, and (fortunately) found that my 1024-bit RSA keys are in fact not blacklisted.On what hardware platform your keys were generated? A friend tested to generate a key with PID 100 on x86-32bit and one on x86-64bit and the keys differ. So I think, there are much more blacklists needed than just one for 1024 bit and one for 2048. You need one blacklist for every keytype and lenght and for every hardware platform.
Yes amd64 produces different results than x86.It also seams that amd64 produces two possible results for one PID. There is big disproportion in frequency between 1st and 2nd possible key but they both has to be considered as compromised. For example:
PID hash count 32765: 50743ddfce8d36705b3118e9efc29d4f: 2 32765: c3bb06a1b91e91b164c8aad38b173f9d: 208 32766: b436e0c7c42b604774d3579290efeb3d: 4 32766: bc30db19565011302374fc0dbe3645bb: 203 32767: 04c2eb648cdcf9969e1cdec2e05f9ec6: 200 32767: e98d38a7640f8e6b7d9ba1436c1ba4a6: 8 I tested about 10e6 keys on amd64 platform and got about 51e3 unique keys. -- ----------------------- Jan Tomasek aka Semik http://www.tomasek.cz/
Attachment:
signature.asc
Description: OpenPGP digital signature