Hi,
[weak keys]
Some of them can be found here:
http://metasploit.com/users/hdm/tools/debian-openssl/
I know, but they are SSH only as far as I can see. Is there such a
release for SSL? And would you consider such a release a good idea? (I
see little value for both attackers and legitimate use)
To avoid a sense of false security: These things can be easily
generated with very little knowledge and time. A one-time investment of
24 cpu hours on one PC and you have the private key of a server with a
weak cert and all other private keys using the same
architecture/keysize/prng combination.
Jan
--
Please avoid sending mails, use the group instead.
If you really need to send me an e-mail, mention "FROM NG"
in the subject line, otherwise my spam filter will delete your mail.
Sorry for the inconvenience, thank the spammers...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
