Full Disclosure mailing list archives
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 08 Aug 2008 23:28:19 +0200
* Eric Rescorla:
> Why do you say a couple of megabytes? 99% of the value would be 1024-bit RSA keys. There are ~32,000 such keys.
There are three sets of keys, for big-endian 32-bit, little-endian 32-bit and little-endian 64-bit. On top of that, "openssl genrsa" generates different keys depending on the existence of $HOME/.rnd (and -3 creates yet another set of keys, but this is more in the league of "different key length"). If the library is used for key generation (instead of the command line tool), different keys might result.

On the other hand, the on-disk size would be comparable to the phishing filter database.

Part of the problem of the CRL approach is that CAs usually have policies against obtaining private keys and therefore can't prove to the customer that their keys are compromised. And adding a CRL entry when the customer isn't convinced that they've got a problem is probably not a good idea, either.
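
To make the size argument in the message above concrete, here is an added example (not part of the original message, and not code from Debian or OpenSSL): it counts the key sets the message lists and builds a sorted truncated-fingerprint blacklist with a lookup. The 32768 keys per set, the SHA-256 fingerprint, the 10-byte truncation and the integer stand-ins for moduli are assumptions made for illustration.

```python
import hashlib
from bisect import bisect_left

# Key-set dimensions named in the message above.
ARCHES = ("be32", "le32", "le64")
RND_STATES = (".rnd present", ".rnd absent")   # "openssl genrsa" and $HOME/.rnd
KEYS_PER_SET = 32768   # assumption: 2**15, for the "~32,000" keys per set
TRUNC_BYTES = 10       # assumption: fingerprints truncated to 80 bits


def keyspace_size(arches=ARCHES, rnd_states=RND_STATES, per_set=KEYS_PER_SET):
    """Weak keys of one key length; -3 and library-generated keys add more sets."""
    return len(arches) * len(rnd_states) * per_set


def blacklist_bytes(n_keys, trunc=TRUNC_BYTES):
    """On-disk size of a flat file of truncated fingerprints."""
    return n_keys * trunc


def fingerprint(modulus, trunc=TRUNC_BYTES):
    """Truncated SHA-256 over the big-endian modulus (hypothetical format)."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:trunc]


def build_blacklist(moduli):
    """Sorted, de-duplicated fingerprints so lookups can use binary search."""
    return sorted({fingerprint(m) for m in moduli})


def is_blacklisted(blacklist, modulus):
    fp = fingerprint(modulus)
    i = bisect_left(blacklist, fp)
    return i < len(blacklist) and blacklist[i] == fp


def false_positive_rate(n_keys, trunc=TRUNC_BYTES):
    """Chance that a good key's truncated fingerprint matches some entry."""
    return n_keys / 2 ** (8 * trunc)


# Constructed stand-ins for weak RSA moduli (not real keys).
SAMPLE_WEAK = [0xC0FFEE0001 + 2 * i for i in range(1000)]
SAMPLE_BLACKLIST = build_blacklist(SAMPLE_WEAK)
```

Under these assumptions, `blacklist_bytes(keyspace_size())` gives 1,966,080 bytes for one key length, and each further key length or generation path adds another multiple.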