Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Sun, 18 May 2008 20:35:10 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Kees Cook <kees@...ntu.com>
Subject: Re: OpenSSH key blacklisting

On Sun, May 18, 2008 at 09:12:16AM -0700, Kees Cook wrote:
> Ah, I haven't been separating it by arch, but I can certainly do that.
> I've been including the "full" hashes in the Debian openssh-blacklist
> source package and reducing them for the final files.  I can easily
> split up the source blacklist files by arch and combine them during the
> "build".

Yes, please split by {arch, key type, key size}.  That is, let's have
one "source" file per combination of these.

> I will probably also keep the file in PID order, and sort it during the
> build.

Good idea.  That way, it'd be easier for us to compare your blacklists
against those others may have.

What about my question re: RSA keys for protocol 1 vs. protocol 2?

Thanks,

Alexander

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ