On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
> Ted Unangst wrote:
>> On 5/14/08, Gabriel Linder <[EMAIL PROTECTED]> wrote:
>>
>>> Just wondering... If someone generates ssh keys with flags J or Z
>>> set in malloc.conf(5), aren't these keys useless too (since feeding
>>> predictable data is more or less equal to not feeding data at all)?
>>>
> A decent analysis can be found here... just to understand what a
> comment /* */ can do :)
> http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html

Are you sure that's a decent analysis? If you have a non-Debian system
with the full number of keys available, what are the chances that you've
landed on one of the 32767 keys? Not very likely. So that analysis seems
alarmist and sensational to me.

-- 
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation