2008/5/17 Curt Micol <[EMAIL PROTECTED]>:
> http://leaf.dragonflybsd.org/mailarchive/kernel/2008-05/msg00038.html
>
> Here is some more information including a list of keys:
> http://metasploit.com/users/hdm/tools/debian-openssl/
>
> Thought I'd share. It's possible I am wrong and this isn't a good
> idea, but I can't think of any reason why it isn't.

I can actually think of an entirely theoretical reason why the exclusion of the affected keys could conceivably, hypothetically be considered to be disadvantageous: It reduces the key space; i.e. future attackers of systems that have blacklisted these keys might know that they have a few less combinations to try.

In the real world however, the affected keys will probably be the first ones attackers will try, and the above is just an entirely theoretical disadvantage -- and it's a much smaller disadvantage than that constituted by continuing to allow the affected keys.

Kind regards,
--ropers

