oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenSSH key blacklisting

From: Solar Designer <solar () openwall com>
Date: Sun, 18 May 2008 20:35:10 +0400
On Sun, May 18, 2008 at 09:12:16AM -0700, Kees Cook wrote:

Ah, I haven't been separating it by arch, but I can certainly do that.
I've been including the "full" hashes in the Debian openssh-blacklist
source package and reducing them for the final files.  I can easily
split up the source blacklist files by arch and combine them during the
"build".


Yes, please split by {arch, key type, key size}.  That is, let's have
one "source" file per combination of these.


I will probably also keep the file in PID order, and sort it during the
build.


Good idea.  That way, it'd be easier for us to compare your blacklists
against those others may have.

What about my question re: RSA keys for protocol 1 vs. protocol 2?

Thanks,

Alexander
Previous By Date Next
Previous By Thread Next

Current thread: