Not logged in
Log in now
Create an account
Subscribe to LWN
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
I suggest studying the utility mentioned in the advisory that verifies whether a key is weak
or not. That goes directly to the effect of whatever bug is in question (which is what
Cryptographic weakness on Debian systems
Posted May 13, 2008 15:59 UTC (Tue) by hmh (subscriber, #3838)
The key vulnerability check basically hashes the key and searches for it in a blacklist of
256Ki entries. The code says that blacklist is not known to be the complete set of weak keys,
it could be just a subset.
Further comments of that really means depend on studying the OpenSSL code at depth, which I
hope someone will disclose soon.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds