Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl

Colin Percival cperciva at freebsd.org
Thu Sep 28 06:34:51 PDT 2006


Bill Moran wrote:
> Can anyone define "exceptionally large" as noted in this statement?:
> 
> "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
> prohibiting the use of exceptionally large public keys.  It is believed
> that no existing applications legitimately use such key lengths as would
> be affected by this change."
> 
> It would be nice if "exceptionally large" were replaced with "keys in
> excess of x bits in size" or something.  I don't expect that this will
> affect me, but ambiguous statements like that make me uncomfortable.

DH and DSA are limited to 10000 bits.  RSA is limited to 16400 or 4112 bits
depending upon whether the public exponent is less or more than 72 bits.

I wouldn't have allowed this change into the security branches if I was not
very very confident that no applications would be affected by this.

Colin Percival
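For an operator asking Bill Moran's question ("will this affect me?"), the useful check is to apply the limits Colin states to the keys actually deployed. The following is an added example, not code from the post, from FreeBSD or from OpenSSL: it encodes the sizes given above (10000 bits for DH/DSA; 16400 or 4112 bits for RSA depending on a 72-bit public exponent) and runs them over a constructed key inventory. The post does not say how the boundaries are handled, so treating a 72-bit exponent as "small" and a modulus exactly at the limit as accepted is an assumption, as are the sample key labels and synthetic moduli; a real audit would parse each key's modulus and exponent from its PEM/DER form and pass the integers in the same way.

```python
# Added example (not from the post, FreeBSD or OpenSSL): applies the public-key
# size limits quoted for the FreeBSD-SA-06:23 libcrypto patch to an inventory of
# keys, so an operator can tell whether any deployed key would be refused.
#
# Limits as stated in the post:
#   DH, DSA : prime at most 10000 bits
#   RSA     : modulus at most 16400 bits when the public exponent is small,
#             at most 4112 bits when it is large; the small/large split is 72 bits.
# Assumption (boundary not stated in the post): an exponent of exactly 72 bits
# counts as "small", and a modulus exactly at a limit is accepted.
from typing import List, Optional, Tuple

DH_DSA_MAX_BITS = 10000
RSA_MAX_BITS_SMALL_EXP = 16400
RSA_MAX_BITS_LARGE_EXP = 4112
RSA_SMALL_EXP_MAX_BITS = 72


def bits(n: int) -> int:
    """Bit length of a positive integer (a 2048-bit modulus gives 2048)."""
    if n <= 0:
        raise ValueError("public-key parameters must be positive integers")
    return n.bit_length()


def rsa_limit_for_exponent(e: int) -> int:
    """Maximum RSA modulus size accepted for public exponent e."""
    if bits(e) <= RSA_SMALL_EXP_MAX_BITS:
        return RSA_MAX_BITS_SMALL_EXP
    return RSA_MAX_BITS_LARGE_EXP


def key_accepted(kind: str, modulus: int,
                 exponent: Optional[int] = None) -> Tuple[bool, str]:
    """Return (accepted, reason) for one public key under the patched limits.

    kind     : "rsa", "dsa" or "dh"
    modulus  : RSA modulus n, or the DSA/DH prime p, as an integer
    exponent : RSA public exponent e (required for RSA, ignored otherwise)
    """
    kind = kind.lower()
    size = bits(modulus)
    if kind in ("dsa", "dh"):
        limit = DH_DSA_MAX_BITS
    elif kind == "rsa":
        if exponent is None:
            raise ValueError("RSA check needs the public exponent")
        limit = rsa_limit_for_exponent(exponent)
    else:
        raise ValueError("unknown key type %r" % kind)
    if size <= limit:
        return True, "%s %d-bit key within %d-bit limit" % (kind, size, limit)
    return False, "%s %d-bit key exceeds %d-bit limit" % (kind, size, limit)


def audit(inventory) -> List[str]:
    """Check (label, kind, modulus, exponent) tuples; return the rejected labels."""
    rejected = []
    for label, kind, modulus, exponent in inventory:
        ok, reason = key_accepted(kind, modulus, exponent)
        print("%-20s %s %s" % (label, "ok  " if ok else "FAIL", reason))
        if not ok:
            rejected.append(label)
    return rejected


def synthetic_modulus(nbits: int) -> int:
    """Constructed odd integer of exactly nbits bits; only the size matters here."""
    return (1 << (nbits - 1)) | 1


# Constructed inventory (hypothetical labels; not real keys).
SAMPLE_INVENTORY = [
    ("web-rsa-2048",      "rsa", synthetic_modulus(2048),  65537),
    ("web-rsa-4096",      "rsa", synthetic_modulus(4096),  65537),
    ("odd-rsa-8192-bige", "rsa", synthetic_modulus(8192),  synthetic_modulus(128)),
    ("huge-rsa-16384",    "rsa", synthetic_modulus(16384), 65537),
    ("ssh-dsa-1024",      "dsa", synthetic_modulus(1024),  None),
    ("dh-params-12288",   "dh",  synthetic_modulus(12288), None),
]

if __name__ == "__main__":
    # Rejects odd-rsa-8192-bige (large exponent, 4112-bit limit) and dh-params-12288.
    audit(SAMPLE_INVENTORY)
```

The two rejected entries in the sample illustrate the two ways a key falls outside the patch: an RSA key of modest size paired with a large public exponent, and a DH parameter set beyond 10000 bits. Ordinary 2048- and 4096-bit RSA keys with e=65537 pass, which is the situation Colin says covers every real application.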

