[Bug 509990] Review Request: CVE-2008-0166_fingerprints - Fingerprints of the keys affected by CVE-2008-0166

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 8 06:46:52 UTC 2009


https://bugzilla.redhat.com/show_bug.cgi?id=509990





--- Comment #8 from Jan F. Chadima <jchadima at redhat.com>  2009-07-08 02:46:51 EDT ---
> 
> I do see some of the files seem to come from Debian openssh-blacklist packages
> (have identical creation dates).  Why not get the remaining key sizes included
> in the openssh-blacklist upstream tarball and name the Fedora package after it?
Because the next package with full keys will follow instead of Debian.


> Also, is there any good reason why le32_rsa_8192 contains only 5083
> fingerprints, rather than the full space of ~2^15 keys?  It's obviously derived
> from HDMoore's *incomplete* set of 8192 bit LE32 keys [1], which, if I
> remember correctly, was published as incomplete due to time constraints at the
> time of publication.
> 
> [1] http://www.metasploit.com/users/hdm/tools/debian-openssl/ 
Generating 8192 keys is extremely slow.
Both 8192 keys are incomplete; the le64 I will finish before release.
