Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory

Board: FB_security, Time: 2006/09/28 21:38
Bill Moran wrote:
> Can anyone define "exceptionally large" as noted in this statement?:
>
> "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> prohibiting the use of exceptionally large public keys. It is believed
> that no existing applications legitimately use such key lengths as would
> be affected by this change."
>
> It would be nice if "exceptionally large" were replaced with "keys in
> excess of x bits in size" or something. I don't expect that this will
> affect me, but ambiguous statements like that make me uncomfortable.

DH and DSA are limited to 10000 bits. RSA is limited to 16400 or 4112 bits
depending upon whether the public exponent is less or more than 72 bits.

I wouldn't have allowed this change into the security branches if I was not
very very confident that no applications would be affected by this.

Colin Percival