LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Cryptographic weakness on Debian systems

Cryptographic weakness on Debian systems

Posted May 14, 2008 11:15 UTC (Wed) by cjwatson (subscriber, #7322)
In reply to: Cryptographic weakness on Debian systems by mbizon
Parent article: Cryptographic weakness on Debian systems 

At present I don't think it's wise to release what essentially amounts to exploit code. For
keys that aren't in the blacklist about which you aren't sure, I recommend looking at the
timestamp information (RSA keys generated before 17 Sep 2006, when the bug was introduced,
aren't vulnerable), but otherwise regenerate the key in case of doubt.

(Log in to post comments)

Cryptographic weakness on Debian systems

Posted May 15, 2008 10:53 UTC (Thu) by endecotp (guest, #36428) [Link] 

The complete set of vulnerable keys has now been published.

Cryptographic weakness on Debian systems

Posted May 17, 2008 7:50 UTC (Sat) by markshuttle (subscriber, #22379) [Link] 

I doubt that. The complete set would include all possible key sizes, For DSA that's fixed at
1024 bits, for RSA it's open-ended, though anybody with more than 4096 bits is being very
conservative ;-). We had a 16k-bit key at Thawte, but it blew up most crypto libraries and
toolkits at the time, so we didn't use it much.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds