Debian OpenSSL Weak Key Detector (dowkd) version 0.9

To: debian-security@lists.debian.org
Subject: Debian OpenSSL Weak Key Detector (dowkd) version 0.9
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 18 May 2008 20:07:16 +0200
Message-id: <[🔎] 87mymno59n.fsf@mid.deneb.enyo.de>

Hi,

I've just uploaded a new version of dowkd.pl to the usual place:

  <http://security.debian.org/project/extra/dowkd/dowkd.pl.gz>
  <http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc>
    (OpenPGP signature)

This version should fix the most egregious issues in the user interface.

The blacklist has been extended, it is now compromised of:

  OpenSSH: rsa1/1024 rsa/1024 rsa/2048 dsa/1024
  OpenSSL: RSA/1024 RSA/2048
  OpenVPN: shared secret files

Only little-endian architectures are currently covered (with the
exception of rsa/2048 and dsa/1024, which also includes 32-bit
big-endian architectures).

As far as OpenSSL formats are concerned, dowkd currently reads PEM files
with X.509 certificates ("BEGIN CERTIFICATE") and unencrypted RSA
private keys ("BEGIN RSA PRIVATE KEY").

Feedback is welcome.  If you want to submit it privately, please send it
to <fw@deneb.enyo.de> and mention "dowkd" in the subject line.  Thanks!

Florian

Reply to:

Follow-Ups:
- Re: Debian OpenSSL Weak Key Detector (dowkd) version 0.9
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Amir Mechouk är inte på kontoret.
Next by Date: openssl-blacklist & two keys per one pid
Previous by thread: Re: dowkd.pl false positives
Next by thread: Re: Debian OpenSSL Weak Key Detector (dowkd) version 0.9
Index(es):
- Date
- Thread