On Wed, May 28, 2008 at 10:55:18PM -0700, David Schwartz wrote:
> Okay, I guess I give up. I now realize that I had no idea what
> you meant in your past few comments. What relevance do you think
> this notion of weak keys has to do with this issue, since you
> were the one who brought it up?
>
> The only issue here is known keys. The keys the Debian bug
> causes OpenSSL to choose are not weak in this sense.

I know exactly what he's getting at.

Back in the day, DES was the de facto encryption algorithm. Later, we found that some of the keys in the keyspace were weak, using the cryptographic meaning of "weak". For example, if one key caused the encryption to be a no-op, that would be ultimately weak. These were actually significantly less weak than that, classified into two groups known as "weak" and "semi-weak"...

http://en.wikipedia.org/wiki/Weak_key

Of course, you'd generate these keys randomly n/2^56 (note: not 2^64) of the time, for a small integer n.

The question was what to do about it. In an ideal world, I think the system should throw an exception then and let the calling application feed it another key. However, I think the general consensus was that we should just ignore it. I suppose in retrospect, that the chance of picking any single weak key was equal to the chance that the adversary simply guessed your key... in this case one in 2^56... so as long as there aren't too many, it's still O(brute force).

-- 
Crypto ergo sum. https://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [EMAIL PROTECTED] to get blacklisted.