On 01/23/2009 02:43 AM, Jan Schejbal:
> Hi,
>
>> you can download all compromised keys by yourself. They are widely
>> published.
>
> Has anyone actually published all (or "all interesting") weak private
> keys for SSL? I know such a release exists for SSH (which AFAIK uses a
> different exponent or something like that) and I know it is easily
> possible to compute at least a subset (at least architecture, key length
> and used PRNG variant seem to influence the key, so there are quite some
> sets of keys, not just 32k!)
>
> Is it a good idea to publish such key lists, or is it better to keep
> them unpublished so at least the script-kiddies cannot abuse them?

Some of them can be found here:
http://metasploit.com/users/hdm/tools/debian-openssl/
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto