Re: openssl-blacklist & two keys per one pid
On Mon, May 19, 2008 at 01:09:25AM +0200, Jan Tomasek wrote:
> My colleague developed script for converting X509 certificates to SSH
> key hash. It was strange when we realized that none of issued
> certificates matched. It is because OpenSSH and OpenSSL blacklist are
> not compatible. OpenSSH and OpenSSL are using diferent exponent when
> creating private key.
That's correct -- this is true for OpenVPN as well.
> The rule is simple. When the ~/.rnd file doesn't exist I get one key and
> in other situation I get another (that listed in Ubuntu
> openssl-blacklist) key. Because of this problem openssl-blacklist has to
> be twice big than openssh-blacklist. I developed simple shell scripts to
> generate list of all key lengths we are interested in. They are attached.
Yes, this was realized during the generation of the openssl-blacklist in
Ubuntu. We're expecting to have the more complete lists published soon,
for all 3 architectures.
> I also published full list of compromited keys in lengths 1024 and 2048
> for Intel 32bit and 64bit platforms on my website. There is more keys
> than in Ubuntu blacklist, but I'm missing others. I'm planning to
> publish 4096 bit keys list tomorrow. I'm not going to publish complete
> archives of private keys.
Thanks! We can verify our lists against yours to make sure we're all on
the same page. :)
-Kees
--
Kees Cook
Ubuntu Security Team
Reply to: