[Bug 509990] Review Request: CVE-2008-0166_fingerprints - Fingerprints of the keys affected by CVE-2008-0166

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=509990





--- Comment #8 from Jan F. Chadima <jchadima@xxxxxxxxxx>  2009-07-08 02:46:51 EDT ---
> 
> I do see some of the files seem to come from Debian openssh-blacklist packages
> (have identical creation dates).  Why not getting remaining key sizes included
> in openssh-blacklist upstream tarball and name Fedora package after it?  
because the next package with full keys will follow instead of debian.


> Also, is there any good reason why le32_rsa_8192 contains only 5083
> fingerprints, rather than full space of ~2^15 keys?  It's obviously derived
> from the HDMoore's *incomplete* set of 8192 bit LE32 keys [1], which, if I
> remember correctly, was published as incomplete due to time constraints at the
> time of publication.
> 
> [1] http://www.metasploit.com/users/hdm/tools/debian-openssl/ 
generating 8192 keys is extremly slow 
both 8192 keys are incomplete, the le64 I finish before release.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]