Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 8 Apr 2014 13:51:13 +0300
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ?

On Tue, Apr 08, 2014 at 12:25:12PM +0300, Georgi Guninski wrote:
> other cases. (for $1$ I would expect probability
> $1$).


This was mistake, both certs had g= -1.
With g=1 probability is $1$ in
openssl and Konqueror.

cacert3.pem is with g=1.


> 

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBFTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxH80wKjVLOUCAggA
MBQGCCqGSIb3DQMHBAiKk5RW6pYvxASB0NX7ub1i7IB0iKhi9mzkldCOAXtPULHo
wbwFR4yu4lMOj57xhmgA/TSgIxLFj6b9bLC2y0SKXCOf8VNxkL6CxWkuGSni/y+w
zJLksztdX1z60lXJxRkyNHFZWHW6lL3SKIwwpNMp1/YpExhG8ZPr83ZPEP+lNsFH
gCAYyJteFZfVC19CLDDt/ET4wf8iEXypiPgDN6TvPAh9EulFYyk2vWVpSwH956il
PUczkkU7G9eho04dqjIZQVTT+Z+Lnq2Ed8DDGzDa3ytdouHaJYcn5f8=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIB/jCCAdGgAwIBAgIJAM5rZLy9VJdmMAkGByqGSM44BAMwRTELMAkGA1UEBhMC
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
dHMgUHR5IEx0ZDAeFw0xNDA0MDgxMDQzMjJaFw0xNDA1MDgxMDQzMjJaMEUxCzAJ
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
dCBXaWRnaXRzIFB0eSBMdGQwgbMwgaoGByqGSM44BAEwgZ4CgYEA/jX7Klgx5HVc
WlqoH8oyo9aO/XqHhOoYVs8TlD+lCSjQ5PMKmdYkyQYxF4i0pFe8A7F0quUFY+LW
ORJEQqvBydRXqWjxRSCiEvW2yAT3u4c0KvKR3Yxt1LX7htsaaFb3BmDNkrhQgxwj
58KpTq5f7z0QHUysyQFMrvK4pwEOPpcCFQDvxW5qbbPAK8nfLCi7Vh/z1LNCCwIB
AQMEAAIBAaNQME4wHQYDVR0OBBYEFKJObNzcZ8MX+c5Wegvz1wQAZq9IMB8GA1Ud
IwQYMBaAFKJObNzcZ8MX+c5Wegvz1wQAZq9IMAwGA1UdEwQFMAMBAf8wCQYHKoZI
zjgEAwMcADAZAgEBAhQeAWNnvnZugjHVZmu+A04576ykmQ==
-----END CERTIFICATE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ