On Wed, May 28, 2008 at 08:09:16AM -0700, Michael Sierchio wrote:
> David Schwartz wrote:
>
> > ... Suppose I include a randomish
> >string in my message "46e8bd8ceae57f8b7af66536e7859bad". Any attacker might
> >see this message -- it's public. So he can certainly try that string as
> >your
> >password. So will you now run off and add it to a blacklist, since it's
> >clearly now a weak password?
>
> I suppose the distinction between "known" and "weak" is too fine
> a semantic point for you?
If there exists a known subset of keys large enough for random keys
to have appreciable probability of being a member of that set, the
keyspace is too small. The RSA keyspace is not "small" in this sense,
in fact because it succumbs to *analytic* attacks long before exhaustive
key-space search brute-force attacks, the odds of a random RSA key being
in a small set of keys are rediculously low. The OP's concern is unwarranted.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
