Volodymyr Kostyrko c.kworr at
Fri Dec 16 15:27:30 UTC 2011

Hi all.

Recently I started to recheck usability of ssh keys and found that ECDSA 
keys are already available. I've tried to make one and it points me 
about key bit length. Reading about this on

I also noticed that a timing attack is possible against OpenSSL. Quick 
checking the code shows that we haven't integrated the fix yet as 
current revision of

misses the fix from:

And after latest OpenSSH import by des:

we are automatically creating (and using?) private ECDSA key:

Am I missing something?

Sphinx of black quartz judge my vow.

More information about the freebsd-security mailing list