
Fault in openssl-blacklist - version 0.1 -- false negatives.



Just FYI - there seems to be a minor fault in the openssl-blacklist tool[1]; I strongly suspect that the line:

#print "bits: %s\nmodulus: %s\nkey: %s\nkey80: %s" % (bits, modulus, key, key[20:])
    if key[20:] in db_lines:

needs to be

    key = sha.sha(modulus).hexdigest()
#print "bits: %s\nmodulus: %s\nkey: %s\nkey80: %s" % (bits, modulus, key, key[20:])
    if key in db_lines:

for the tool to be functional. As it stands, it seems to give false negatives, lulling one into a potentially false sense of security.

Thanks,

Dw.

1: https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2
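
Added example, not part of the original message or of openssl-blacklist: a lookup that checks the width of the database entries against the key it is about to compare, so a mismatch between full and truncated digests raises an error instead of silently reporting "not blacklisted". The database layout (one hex digest per line), the hashing of the modulus as ASCII text, the sample moduli and all function names are assumptions; `hashlib.sha1` stands in for the `sha` module used in the quoted lines.

```python
import hashlib

class BlacklistFormatError(Exception):
    """The lookup key cannot match any entry in this database."""

def sha1_hex(modulus):
    # Assumption: the tool hashes the modulus as ASCII text.
    return hashlib.sha1(modulus.encode("ascii")).hexdigest()  # 40 hex chars

def load_blacklist(lines):
    """Return (entries, width); refuse an empty or mixed-width database."""
    entries = {s.lower() for s in (ln.strip() for ln in lines)
               if s and not s.startswith("#")}
    widths = {len(e) for e in entries}
    if len(widths) != 1:
        raise BlacklistFormatError("entry widths: %r" % sorted(widths))
    return entries, widths.pop()

def naive_check(modulus, entries):
    """The comparison from the quoted lines: always the trailing 80 bits."""
    return sha1_hex(modulus)[20:] in entries

def is_blacklisted(modulus, entries, width):
    """Compare the digest in whichever form the database actually stores."""
    key = sha1_hex(modulus)
    if width == 40:
        probe = key          # database holds full SHA-1 digests
    elif width == 20:
        probe = key[20:]     # database holds the trailing 80 bits
    else:
        raise BlacklistFormatError("unsupported entry width %d" % width)
    return probe in entries

# Constructed sample data, not real key material.
WEAK, GOOD = "Modulus=D3ADBEEF", "Modulus=0BADF00D"
FULL_DB = ["# constructed", sha1_hex(WEAK)]
SHORT_DB = [sha1_hex(WEAK)[20:]]

if __name__ == "__main__":
    for name, db in (("full", FULL_DB), ("short", SHORT_DB)):
        entries, width = load_blacklist(db)
        print(name, naive_check(WEAK, entries), is_blacklisted(WEAK, entries, width))
```

A fixed-width comparison is only correct against a database of the same width; checking the width at load time turns a silent false negative into a visible error.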

