* James Miller: >From what I understand ssh-vulnkey only check to see if a key is listed >in the blacklist (already compromised). Is there any way to >empirically test whether a key is vulnerable or not? All vulnerable keys should be contained in the blacklist. In other words, the blacklist should be complete. There is no known way to test for a weak key, except for looking it up in a pre-generated blacklist.