On Wed, 14 May 2008 07:59:58 +0200, Yves-Alexis Perez wrote:

> On mar, 2008-05-13 at 23:39 -0300, Henrique de Moraes Holschuh wrote:
>>
>> It is probably worth a lot of effort to fully map the entire set of keys
>> the broken openssl could generate, and find a very fast way to check if
>> a key belongs to that set. And add that to openssl upstream (to
>> automatically fail any verification done using such keys).
>
> Ubuntu apparently made it. See http://www.ubuntu.com/usn/usn-612-2

Not quite... "Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases)."

I agree it would be neat if someone with a powerful machine could generate all possible keys. I don't know how long that would take however...

--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078

