On 01/23/2009 03:59 PM, Jan Schejbal:
Hi,
[weak keys]
Some of them can be found here:
http://metasploit.com/users/hdm/tools/debian-openssl/
I know, but they are SSH only as far as I can see. Is there such a
release for SSL? And would you consider such a release a good idea? (I
see little value for both attackers and legitimate use)
I think there is an SSL blacklist as well.
To avoid a sense of false security: These things can be easily generated
with very little knowledge and time. A one-time investment of 24 cpu
hours on one PC and you have the private key of a server with a weak
cert and all other private keys using the same architecture/keysize/prng
combination.
Yes.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
