On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote: > OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees > Cook <[EMAIL PROTECTED]> disait: > > > * Add empty DSA-2048, since they weren't any bad ones. > > How is it possible?
I could be mistaken, but prior to openssl breaking, ssh-keygen stopped allowing dsa 2048 keys, which means there wasn't a way to generate bad ones: $ ssh-keygen -t dsa -b 2048 DSA keys must be 1024 bits -Kees -- Kees Cook @outflux.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
