> Finally - how real is this concern? What is the probability that say a > 2048bit generated key could fall into the 32,767 keys in the metasploit > SSH example on unaffected systems? > > Best Regards, > > Deane
If you think about it, it doesn't make sense. Suppose I include a randomish string in my message "46e8bd8ceae57f8b7af66536e7859bad". Any attacker might see this message -- it's public. So he can certainly try that string as your password. So will you now run off and add it to a blacklist, since it's clearly now a weak password? DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
