blacklisting the bad ssh keys?

[Steven M. Bellovin]

Given the published list of bad ssh keys due to the Debian mistake (see
http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
updated to contain a blacklist of those keys?  I suspect that a Bloom
filter would be quite compact and efficient.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com