Re: Accepted openssh 1:4.7p1-9 (source all i386)

To: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: Re: Accepted openssh 1:4.7p1-9 (source all i386)
From: Joey Hess <joeyh@debian.org>
Date: Thu, 15 May 2008 15:41:31 -0400
Message-id: <[🔎] 20080515194131.GA9971@kodama.kitenet.net>
In-reply-to: <[🔎] 20080514014926.GM16645@riva.ucam.org>
References: <[🔎] E1Jvw16-0003ZX-LM@ries.debian.org> <[🔎] 20080513221823.GA10644@kodama.kitenet.net> <[🔎] 87wslxiu1w.fsf@windlord.stanford.edu> <[🔎] 20080514010859.GA28496@kodama.kitenet.net> <[🔎] 20080514014926.GM16645@riva.ucam.org>

Colin Watson wrote:
> My back-of-the-envelope calculation is that you need something
> approaching 10^80 key generations to have been performed before the risk
> of having one key in the broken space from any of them becomes
> non-negligible.

But openssh-blacklist looks at (partial) fingerprints, not whole keys; each
partial fingerprint should match many possible keys. Did you factor that into
your calculations?

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Colin Watson <cjwatson@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Russ Allbery <rra@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Joey Hess <joeyh@debian.org>
- Re: Accepted openssh 1:4.7p1-9 (source all i386)
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Processed: Re: Bug#481295: Preconfiguring of openssh-servers fails due to mount option "noexec" on /tmp
Next by Date: Bug#481398: openssh-client: ssh-vulnkey does not report location of files containing compromised or unrecognized keys
Previous by thread: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Next by thread: Re: Accepted openssh 1:4.7p1-9 (source all i386)
Index(es):
- Date
- Thread