-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 17, 2011, at 6:42 PM, Peter Gutmann wrote:
Jon Callas <jon(_at_)callas(_dot_)org> writes:
On the other hand, this has never been a problem. It's harder than you
think,
because you have to generate a new key each time, which takes a while on RSA.
Only if you want a secure key. For SSH fuzzy fingerprinting the limiting
factor is the hashing, not the rate at which you can crank out keys, as long
as you don't mind that the keys aren't very secure. OK, they're not secure at
all, but that doesn't matter since you're going for spoofing, not a secure
signature forgery.
Good point, you could generate a crap key. Nonetheless, for DSA it's just a
number, and those are cheap.
Still, making things better with a full fingerprint is a great idea.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.10.0 (Build 554)
Charset: us-ascii
wj8DBQFNNTXHsTedWZOD3gYRAheeAKCL1wAwD0FKBAR5JsZJQJff1x7LZQCg9MpM
gfLvp5yE3cfNqbdGyZvtIgc=
=Q7tP
-----END PGP SIGNATURE-----