[Bug 1516] New: ssh-keygen should warn about keys larger than OPENSSL_RSA_MAX_MODULUS_BITS
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 29 16:58:16 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1516
Summary: ssh-keygen should warn about keys larger than
OPENSSL_RSA_MAX_MODULUS_BITS
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
URL: http://www.hermann-uwe.de/blog/creating-32768-bit-rsa-
keys-for-fun-and-profit
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: ssh-keygen
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: t8m at centrum.cz
When ssh-keygen generates key which is larger than
OPENSSL_RSA_MAX_MODULUS_BITS (as defined in the current OpenSSL
releases) it should warn the user that the key will probably not be
usable. The current OpenSSL releases check if the key is larger and the
signature verification functions will fail for such keys to prevent
CVE-2006-2940.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list