https://bugzilla.novell.com/show_bug.cgi?id=393186
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=393186#c2
--- Comment #2 from Marcus Meissner 2008-05-23 05:52:18 MST ---
From: Solar Designer
To: oss-security@lists.openwall.com
User-Agent: Mutt/1.4.2.3i
Subject: [oss-security] OpenSSH key blacklisting
Hi,
Are any other distros, besides Debian, Ubuntu, and derived ones, going
to implement key blacklisting in OpenSSH - or are considering it?
We are considering it for Openwall GNU/*/Linux, and if our effort would
be reused by others, or if others join us in developing and/or testing
the patch, this would be a reason for us to go for it.
I don't think we'll take the Debian/Ubuntu patch as-is. Rather, we are
likely to use a trivial binary encoding/compression method for the
partial fingerprints. We'd also use smaller partial fingerprints. With
the approach I have in mind, it'd take around 4.55 bytes per key to
store 48-bit partial fingerprints, bringing the installed file size for
3 arch types and 2 key types/sizes in under 1 MB (or just over 1 MB for
3 key types/sizes).
Please comment.
Thanks,
Alexander
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.