[124218] in cryptography@c2.net mail archive
blacklisting the bad ssh keys?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu May 22 12:33:55 2008
Date: Wed, 14 May 2008 19:52:58 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: cryptography@metzdowd.com
Given the published list of bad ssh keys due to the Debian mistake (see
http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
updated to contain a blacklist of those keys? I suspect that a Bloom
filter would be quite compact and efficient.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com