[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: Re: ssh-vulnkey and authorized_keys
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2008-05-19 16:24:05
Message-ID: 873aoexnx6.fsf () mid ! deneb ! enyo ! de
[Download RAW message or body]
* James Miller:
>From what I understand ssh-vulnkey only check to see if a key is listed
>in the blacklist (already compromised). Is there any way to
>empirically test whether a key is vulnerable or not?
All vulnerable keys should be contained in the blacklist. In other
words, the blacklist should be complete. There is no known way to test
for a weak key, except for looking it up in a pre-generated blacklist.
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic