On Thu, 15 May 2008, Jon Dowland wrote: > there's a tarball of 32bit/le rsa 4096 key pairs at > <http://metasploit.com/users/hdm/tools/debian-openssl/>. > > I'm trying to build a blacklist for these keys*. It would be > nice if one was included in the package.
Until those lists are complete (ie for 32 and 64 bits, and big/low endian), I don't think they should be integrated as the ssh-vulnkey tool will report "Not blacklisted" for keys which are potentially compromised because they have been generated on amd64 for example... Lucas has access to GRID-5000 and could generate the keys if someone provides him the required information to do the task given that the nodes are amd64 (but he uses them as i386 by default with linux32 IIRC). But he will only have access to GRID-5000 when he comes back from his trip to fosscamp (on sunday). Also ccing vincent danjean who also has access to grid 5000. Cheers, -- Raphaël Hertzog Le best-seller français mis à jour pour Debian Etch : http://www.ouaza.com/livre/admin-debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
