[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Re: ssh-vulnkey and authorized_keys
From:       Florian Weimer <fw () deneb ! enyo ! de>
Date:       2008-05-19 16:24:05
Message-ID: 873aoexnx6.fsf () mid ! deneb ! enyo ! de
[Download RAW message or body]

* James Miller:

>From what I understand ssh-vulnkey only check to see if a key is listed
>in the blacklist (already compromised).  Is there any way to
>empirically test whether a key is vulnerable or not?

All vulnerable keys should be contained in the blacklist.  In other
words, the blacklist should be complete.  There is no known way to test
for a weak key, except for looking it up in a pre-generated blacklist.


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]