[Cryptography] OpenSSL: rsa_builtin_keygen: key size too small
mitch at niftyegg.com
Tue Dec 24 16:59:30 EST 2019
On Tue, Dec 24, 2019 at 1:43 PM Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> On Mon, Dec 23, 2019 at 11:38:30AM -0800, Ray Dillinger wrote:
> > Further, I doubt anyone there will be interested in helping you create
> > a version that doesn't throw that error message.
> Well, I'm on the OpenSSL team, and did explain how to build a custom
> version that will admit smaller keys.
> > People have been badly burned several times by downgrade attacks.
I am tempted to have someone binary edit the test in the binary object.
Just change the limit test to tiny and see what happens.
I would hope basic system integrity tools would notice such a change for
the file in a normal location. $PATH could find it in a test location.
Sort of a bad idea, I know, but hackers do worse to systems so consider
this can of worms a warning more than a suggestion.
T o m M i t c h e l l ( o n N i f t y E g g )
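
An added example, not part of the original message and not OpenSSL code: a defender's check for the two cases the message raises, a monitored binary edited in place and a different copy found earlier on $PATH. The directory names, file contents and the `audit` helper are constructed for illustration.

```python
import hashlib, os, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def candidates(name, path_env):
    """Every executable called `name` on the search path, in resolution order."""
    found = []
    for d in path_env.split(os.pathsep):
        p = os.path.realpath(os.path.join(d or ".", name))  # empty entry = cwd
        if os.path.isfile(p) and os.access(p, os.X_OK) and p not in found:
            found.append(p)
    return found

def audit(name, path_env, baseline, trusted_dirs):
    """baseline maps real path -> expected SHA-256. Returns (role, path, issue) tuples."""
    trusted = {os.path.realpath(d) for d in trusted_dirs}
    findings = []
    for i, p in enumerate(candidates(name, path_env)):
        role = "resolved" if i == 0 else "shadowed"
        if os.path.dirname(p) not in trusted:
            findings.append((role, p, "outside trusted directories"))
        elif p not in baseline:
            findings.append((role, p, "no baseline hash"))
        elif sha256_file(p) != baseline[p]:
            findings.append((role, p, "hash differs from baseline"))
    return findings

def demo():
    """Constructed scenario: a monitored copy plus a copy in a test directory."""
    root = os.path.realpath(tempfile.mkdtemp())
    sysdir, testdir = os.path.join(root, "sysbin"), os.path.join(root, "testbin")
    for d, body in ((sysdir, b"constructed: stock build"), (testdir, b"constructed: edited build")):
        os.mkdir(d)
        with open(os.path.join(d, "openssl"), "wb") as f:
            f.write(body)
        os.chmod(os.path.join(d, "openssl"), 0o755)
    stock = os.path.join(sysdir, "openssl")
    baseline = {stock: sha256_file(stock)}
    clean = audit("openssl", sysdir, baseline, [sysdir])
    shadow = audit("openssl", os.pathsep.join([testdir, sysdir]), baseline, [sysdir])
    with open(stock, "ab") as f:  # simulate an in-place edit of the monitored file
        f.write(b"!")
    edited = audit("openssl", sysdir, baseline, [sysdir])
    return clean, shadow, edited

if __name__ == "__main__":
    for label, result in zip(("clean", "shadowed", "edited"), demo()):
        print(label, result)
```

A hash baseline alone only covers the paths it lists, which is why the check also walks the search path in resolution order.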