Testing for weak OpenSSL keys

During May 2008 the Debian project released a security advisory describing a bug discovered in OpenSSL by Luciano Bello. What Luciano had found was that the random number generator in the Debian OpenSSL package was predictable and had been since an erroneous software change in 2006. This meant that the cryptographic keys generated by OpenSSL were potentially vulnerable and should not be used. Our online decoder checks your CSR and certificate against a blacklist of keys known to be weak and warns you if your key appears on this blacklist.

– Phil

This entry was posted in Uncategorized. Bookmark the permalink.