* Victor Duchovni wrote on Wed, May 28, 2008 at 21:10 -0400:
> > > Only against random attacks of course, if all attackers
> > > first check these keys, then removing them strengthens the
> > > algorithm against (non-random) brute-force attack. This
> > > said, the effort of explicitly avoiding these is probably
> > > wasted (unless one suspects one has an identically weak
> > > RNG).

I think blacklisting those keys on a strong system reduces the key space (even if it is just the smallest bit of a bit) and thus helps the attacker, because she doesn't need to try those keys.

In this particular case I would expect an attacker to test those `frequently existing' keys first (in the hope/expectation to hit from time to time a key generated with such a valgrind-SSL :-)). No one requires brute-force to use a random probe order :-)

If assuming that because of this all RSA brute force attacks try those keys first in all future, someone may wish to avoid such keys (accepting a small decrease of key space).

On the other hand, someone else could assume that all potentially weak keys are regenerated and the concerned (boxes, systems, admins, security professionals, ...) now are more sensitive, carefully exchanged all keys against, installed IDSes scanning the network traffic for traces of weak keys and this time double-verified everything, including exhaustive use of all the black-hat attack tools to test themselves, and from that conclude that it makes no sense to check those keys at all because no one will ever use them and if someone accidentally created one, security test tools will alert `potential valgrind-SSL key' or alike.

(I would start searching those `frequently existing' keys :-))

Does this make sense or am I wrong? A complicated topic I think, and very interesting :)

oki,

Steffen
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org