[Cryptography] OpenSSL: rsa_builtin_keygen: key size too small
Tom Mitchell
mitch at niftyegg.com
Tue Dec 24 16:59:30 EST 2019
On Tue, Dec 24, 2019 at 1:43 PM Viktor Dukhovni <cryptography at dukhovni.org>
wrote:
> On Mon, Dec 23, 2019 at 11:38:30AM -0800, Ray Dillinger wrote:
>
> > Further, I doubt anyone there will be interested in helping you create
> > a version that doesn't throw that error message.
>
> Well, I'm on the OpenSSL team, and did explain how to build a custom
> version that will admit smaller keys.
>
> > People have been badly burned several times by downgrade attacks.
I am tempted to have someone binary edit the test in the binary object.
Just change the limit test to tiny and see what happens.
I would hope basic system integrity tools would notice such a change for
the file in a normal location. $PATH could find it in a test location.
Sort of a bad idea, I know, but hackers do worse to systems so consider
this can of worms
a warning more than a suggestion.
--
T o m M i t c h e l l ( o n N i f t y E g g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20191224/1a547de4/attachment.htm>
More information about the cryptography
mailing list