> David Schwartz wrote:
>
> > Every known key, provided there are not too many known keys, is weak.
>
> Once again, you have a very idiosyncratic lexicon of cryptographic
> terms. How about if we use these words the way cryptographers do?
>
> A weak key is one that causes a cipher to leak private data in the
> ciphertext, or reveal key structure in a timing attack, or makes
> the implementation vulnerable to an adaptive chosen-plaintext attack,
> etc. A diminished keyspace reduces the number of keys to be attempted
> in a brute force attack. This may or may not be significant. If the
> reduction in keyspace means a brute force attack effort is reduced by
> half to merely half the life of the universe, that might be a worthwhile
> tradeoff.

Okay, I guess I give up. I now realize that I had no idea what you meant in
your past few comments. What relevance do you think this notion of weak keys
has to do with this issue, since you were the one who brought it up?

The only issue here is known keys. The keys the Debian bug causes OpenSSL to
choose are not weak in this sense.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]