Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080518163510.GA11435@openwall.com>
Date: Sun, 18 May 2008 20:35:10 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Kees Cook <kees@...ntu.com>
Subject: Re: OpenSSH key blacklisting

On Sun, May 18, 2008 at 09:12:16AM -0700, Kees Cook wrote:
> Ah, I haven't been separating it by arch, but I can certainly do that.
> I've been including the "full" hashes in the Debian openssh-blacklist
> source package and reducing them for the final files.  I can easily
> split up the source blacklist files by arch and combine them during the
> "build".

Yes, please split by {arch, key type, key size}.  That is, let's have
one "source" file per combination of these.

> I will probably also keep the file in PID order, and sort it during the
> build.

Good idea.  That way, it'd be easier for us to compare your blacklists
against those others may have.

What about my question re: RSA keys for protocol 1 vs. protocol 2?

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.