On Wed, May 14, 2008 at 07:33:43PM +0200, Jan Luehr wrote: > > To check all your own keys, assuming they are in the standard > > locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity): > > > > ssh-vulnkey > > I took a look at it and found two large blacklist containing lots of keys - > but no info on how these lists are generated - that makes me wonder: > > Afair DSA keys ought to be considered compromised, even if they aren't > generated by a broken libssl - so what's the sense in here? > > For the RSA part: > Is it possible that file contains non-broken keys or that broken keys are not > listed? What's the criteria for RSA-keys to be listed?
Indeed. After all the hassle I went through to make sure I'm sorted I'm now lumped with two lookup lists which might generate false positives and are just generally useless. I can't even not install the package because it's in the Depends line rather then Recommends or Suggests or whatnot. :/ -- "Police noticed some rustling sounds from Linn's bottom area and on closer inspection a roll of cash was found protruding from Linn's anus, the full amount of cash taken in the robbery." - http://www.smh.com.au/news/world/robber-hides-loot-up-his-booty/2008/05/09/1210131248617.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]