Date: Thu, 28 Sep 2006 06:33:18 -0700
From: Colin Percival <cperciva@freebsd.org>
To: Bill Moran <wmoran@potentialtech.com>
Cc: freebsd security <freebsd-security@freebsd.org>, questions@freebsd.org
Subject: Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
Message-ID: <451BCF1E.2070609@freebsd.org>
In-Reply-To: <20060928092437.4a4923a7.wmoran@potentialtech.com>
References: <20060928092437.4a4923a7.wmoran@potentialtech.com>
Bill Moran wrote:
> Can anyone define "exceptionally large" as noted in this statement?:
>
> "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> prohibiting the use of exceptionally large public keys. It is believed
> that no existing applications legitimately use such key lengths as would
> be affected by this change."
>
> It would be nice if "exceptionally large" were replaced with "keys in
> excess of x bits in size" or something. I don't expect that this will
> affect me, but ambiguous statements like that make me uncomfortable.

DH and DSA are limited to 10000 bits. RSA is limited to 16400 or 4112 bits depending upon whether the public exponent is less or more than 72 bits.

I wouldn't have allowed this change into the security branches if I was not very very confident that no applications would be affected by this.

Colin Percival
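The limits Colin gives above, as an added example that is not part of this thread, the advisory, or the FreeBSD patch: a small Python check that applies the stated bounds (DH/DSA up to 10000 bits; RSA up to 16400 bits when the public exponent is at most 72 bits, otherwise up to 4112 bits) to a key's parameters, together with a minimal DER codec for the PKCS#1 `RSAPublicKey` structure so the modulus and exponent sizes can be read out of an encoded key. Whether the boundary values themselves are accepted is an assumption (the message states the numbers only); the sample modulus is a constructed integer, not a real RSA key.

```python
# Added example: applies the key-size limits quoted in the mailing-list reply.
# Boundary handling (<= vs <) is an assumption; the thread gives only the numbers.

DH_DSA_MAX_BITS = 10000        # "DH and DSA are limited to 10000 bits"
RSA_MAX_BITS_SMALL_EXP = 16400 # RSA limit when the public exponent has <= 72 bits
RSA_MAX_BITS_LARGE_EXP = 4112  # RSA limit when the public exponent has > 72 bits
RSA_SMALL_EXP_BITS = 72


def rsa_bit_limit(e: int) -> int:
    """Modulus bit limit that applies for a given RSA public exponent."""
    if e.bit_length() <= RSA_SMALL_EXP_BITS:
        return RSA_MAX_BITS_SMALL_EXP
    return RSA_MAX_BITS_LARGE_EXP


def rsa_key_allowed(n: int, e: int) -> bool:
    """True if an RSA public key (n, e) stays within the stated limit."""
    return n.bit_length() <= rsa_bit_limit(e)


def dh_dsa_key_allowed(p: int) -> bool:
    """True if a DH/DSA prime modulus p stays within the stated limit."""
    return p.bit_length() <= DH_DSA_MAX_BITS


# --- minimal DER codec for RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }

def _der_len(length: int) -> bytes:
    """DER length octets: short form below 0x80, otherwise 0x8N followed by N big-endian bytes."""
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value: minimal two's-complement, so a
    leading 0x00 is kept only when the top bit of the first byte is set."""
    content = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(content)) + content


def encode_rsa_public_key(n: int, e: int) -> bytes:
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n_octets = length & 0x7F
        if n_octets == 0:
            raise ValueError("indefinite length is not DER")
        length = int.from_bytes(buf[pos:pos + n_octets], "big")
        pos += n_octets
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def parse_rsa_public_key(der: bytes):
    """Decode a PKCS#1 RSAPublicKey and return (n, e)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single DER SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(body, 0)
    tag_e, e_bytes, pos = _read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return (int.from_bytes(n_bytes, "big", signed=True),
            int.from_bytes(e_bytes, "big", signed=True))


def check_rsa_der(der: bytes):
    """Return (modulus_bits, exponent_bits, allowed) for an encoded RSA public key."""
    n, e = parse_rsa_public_key(der)
    return n.bit_length(), e.bit_length(), rsa_key_allowed(n, e)


if __name__ == "__main__":
    # Constructed sample: a 2048-bit odd integer standing in for a modulus, e = 65537.
    sample_n = (1 << 2047) | 0x1234567
    sample_e = 65537
    print(check_rsa_der(encode_rsa_public_key(sample_n, sample_e)))
```

Run against a real key, the same check would be fed the DER from `openssl rsa -pubin -outform DER` (PKCS#1 form); wrapping the parser for SubjectPublicKeyInfo is left out to keep the example short.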
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?451BCF1E.2070609>