Re: Accepted openssh-blacklist 0.3 (source all)

To: debian-security@lists.debian.org
Cc: Vincent Bernat <bernat@debian.org>
Subject: Re: Accepted openssh-blacklist 0.3 (source all)
From: Kees Cook <kees@outflux.net>
Date: Wed, 21 May 2008 00:19:23 -0700
Message-id: <[🔎] 20080521071923.GI12850@outflux.net>
In-reply-to: <[🔎] m31w3ww8h5.fsf@neo.luffy.cx>
References: <E1JybJN-0006Z4-2S@ries.debian.org> <[🔎] m31w3ww8h5.fsf@neo.luffy.cx>

On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote:
> OoO En  cette nuit nuageuse  du mercredi 21  mai 2008, vers  01:32, Kees
> Cook <kees@outflux.net> disait:
> 
> > * Add empty DSA-2048, since they weren't any bad ones.
> 
> How is it possible?

I could be mistaken, but prior to openssl breaking, ssh-keygen stopped
allowing dsa 2048 keys, which means there wasn't a way to generate bad
ones:

$ ssh-keygen -t dsa -b 2048
DSA keys must be 1024 bits

-Kees

-- 
Kees Cook                                            @outflux.net

Reply to:

Follow-Ups:
- Re: Accepted openssh-blacklist 0.3 (source all)
  - From: Simon Valiquette <v.simon@ieee.org>

References:
- Re: Accepted openssh-blacklist 0.3 (source all)
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: Debian OpenSSL Weak Key Detector (dowkd) version 0.9
Next by Date: Re: Accepted openssh-blacklist 0.3 (source all)
Previous by thread: Re: Accepted openssh-blacklist 0.3 (source all)
Next by thread: Re: Accepted openssh-blacklist 0.3 (source all)
Index(es):
- Date
- Thread