[Cryptography] OpenSSL: rsa_builtin_keygen: key size too small

Tom Mitchell mitch at niftyegg.com
Tue Dec 24 16:59:30 EST 2019

On Tue, Dec 24, 2019 at 1:43 PM Viktor Dukhovni <cryptography at dukhovni.org>

> On Mon, Dec 23, 2019 at 11:38:30AM -0800, Ray Dillinger wrote:
> > Further, I doubt anyone there will be interested in helping you create
> > a version that doesn't throw that error message.
> Well, I'm on the OpenSSL team, and did explain how to build a custom
> version that will admit smaller keys.
> > People have been badly burned several times by downgrade attacks.

I am tempted to have someone binary edit the test in the binary object.
Just change the limit test to tiny and see what happens.

I would hope basic system integrity tools would notice such a change for
the file in a normal location. $PATH could find it in a test location.

Sort of a bad idea, I know, but hackers do worse to systems so consider
this can of worms a warning more than a suggestion.

          T o m    M i t c h e l l ( o n   N i f t y E g g )
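
The gap described in the message above (integrity tools watch the file in its normal location, while $PATH may resolve a copy somewhere else) can be checked directly. The following is an added example, not part of the original post: a POSIX shell audit that lists every copy of a command in $PATH order and compares each with a `sha256sum`-format baseline. The function names, verdict labels, `TRUSTED_DIRS` default and baseline file are assumptions.

```sh
#!/bin/sh
# Added example: which copy of a command does $PATH resolve, and is it the audited one?
# TRUSTED_DIRS and the baseline file are assumptions; adapt them to the host.
TRUSTED_DIRS="${TRUSTED_DIRS:-/usr/bin:/bin:/usr/sbin:/sbin}"

# Print every executable called $1 on search path $2, in resolution order.
path_candidates() {
    name=$1; rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
}

is_trusted_dir() {
    case ":$TRUSTED_DIRS:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print one "VERDICT path" line per candidate; the first line is the copy that runs.
# $3 is a baseline in sha256sum text format ("<hash>  <path>", paths without spaces).
audit_command() {
    name=$1 search=$2 baseline=$3
    path_candidates "$name" "$search" | while IFS= read -r bin; do
        want=$(awk -v p="$bin" '$2 == p {print $1}' "$baseline")
        if ! is_trusted_dir "${bin%/*}"; then
            echo "UNTRUSTED_DIR $bin"
        elif [ -z "$want" ]; then
            echo "NO_BASELINE $bin"
        elif [ "$want" != "$(file_sha256 "$bin")" ]; then
            echo "HASH_MISMATCH $bin"
        else
            echo "OK $bin"
        fi
    done
}

# Usage: sh audit.sh openssl /path/to/baseline.sha256
if [ "$#" -ge 2 ]; then audit_command "$1" "$PATH" "$2"; fi
```

A first line other than `OK` means the copy that actually runs is not the one the baseline covers, even when the copy in the normal location still verifies.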