Hi,

you wrote:
(...)
>A detector for known weak key material will be published at:
>
> <http://security.debian.org/project/extra/dowkd/dowkd.pl.gz>
> <http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc>
> (OpenPGP signature)
(...)

Thank you for providing a Perl script to check for vulnerable keys! That was very helpful, especially for non-Debian systems where the fingerprints of vulnerable keys might hide in some authorized_keys files.

Unfortunately, 4096 bit RSA keys have been used quite often and we are asked by sites how to check for these, too. Could you add the fingerprints of the keys offered on metasploit.com to dowkd.pl so at least those are checked? The 4096 bit RSA keys are on the site and the few I tested are indeed of the vulnerable set:

http://metasploit.com/users/hdm/tools/debian-openssl/

Regards,
Andreas

--
Andreas Bunten (CSIRT), +49 40 808077-555
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatische Warnmeldungen https://www.cert.dfn.de/autowarn
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
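The coverage gap raised in the message above, as an added example that is not part of the original message and not dowkd.pl's code: a scanner that looks up each RSA key in an authorized_keys file by key size and fingerprint, and reports keys of a size that has no list as unchecked instead of clean. The per-size blocklist layout, the use of the MD5 fingerprint of the key blob as the lookup value, and all sample keys are assumptions constructed for the illustration.

```python
import base64, hashlib, struct

def _field(buf, off):
    """Read one length-prefixed field (RFC 4253 string/mpint) at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_key_info(blob):
    """Return (modulus_bits, md5_fingerprint_hex) for an ssh-rsa public key blob."""
    ktype, off = _field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa blob")
    _e, off = _field(blob, off)
    n, _ = _field(blob, off)
    return int.from_bytes(n, "big").bit_length(), hashlib.md5(blob).hexdigest()

def scan_authorized_keys(text, blocklist):
    """blocklist maps key size in bits -> set of weak fingerprints (hypothetical format)."""
    out = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith("#") or "ssh-rsa" not in tok[:-1]:
            continue  # blank, comment, or not an RSA key line
        try:  # the blob follows the key type, even after options like command="..."
            raw = base64.b64decode(tok[tok.index("ssh-rsa") + 1], validate=True)
            bits, fp = rsa_key_info(raw)
        except (ValueError, struct.error):
            out.append((lineno, None, "unparseable"))
            continue
        if bits not in blocklist:
            status = "no-list-for-size"  # cannot be cleared: nothing to compare against
        else:
            status = "weak" if fp in blocklist[bits] else "not-listed"
        out.append((lineno, bits, status))
    return out

def _blob(n):  # builds a structurally valid ssh-rsa blob for a constructed modulus n
    s = lambda b: struct.pack(">I", len(b)) + b
    mp = lambda i: s(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    return s(b"ssh-rsa") + mp(65537) + mp(n)

# Constructed sample data: placeholder moduli, not real keys or real weak fingerprints.
K_A, K_B, K_C = _blob((1 << 2047) | 1), _blob((1 << 4095) | 1), _blob((1 << 2047) | 3)
b64 = lambda b: base64.b64encode(b).decode()
SAMPLE = "\n".join(["# constructed authorized_keys", "ssh-rsa " + b64(K_A) + " alice@host",
                    'command="echo hi" ssh-rsa ' + b64(K_B) + " backup",
                    "ssh-rsa " + b64(K_C), "ssh-rsa AAAA!!! broken"])
BLOCKLIST = {2048: {hashlib.md5(K_A).hexdigest()}}  # only 2048-bit keys are covered
```

Calling `scan_authorized_keys(SAMPLE, BLOCKLIST)` marks the 4096-bit key on line 3 as `no-list-for-size`, which is the case a site has to follow up by other means until fingerprints for that size are available.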