Hi,
you can download all compromised keys by yourself. They are widely
published.
Has anyone actually published all (or "all interesting") weak private
keys for SSL? I know such a release exists for SSH (which AFAIK uses a
different exponent or something like that) and I know it is easily
possible to compute at least a subset (at least architecture, key
length and used PRNG variant seem to influence the key, so there are
quite some sets of keys, not just 32k!)
Is it a good idea to publish such key lists, or is it better to keep
them unpublished so at least the script-kiddies cannot abuse them?
Sincerely,
Jan
--
Please avoid sending mails, use the group instead.
If you really need to send me an e-mail, mention "FROM NG"
in the subject line, otherwise my spam filter will delete your mail.
Sorry for the inconvenience, thank the spammers...
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
