Shibboleth 2.5.1 blacklist of RSA 1.5
Cantor, Scott
cantor.2 at osu.edu
Tue Jan 29 13:03:58 EST 2013
On 1/29/13 12:52 PM, "praveen" <praveen.pinto at peopleadmin.com> wrote:
>Here was the part of the log that first led me to believe the customer
>uses
>rsa 1.5, and led me down the path ..
I'm not saying somebody's not trying to use it, I'm saying that's not a
justification for compromising your key. The encryption you can punt,
that's fine, but do NOT use a single key pair for both functions if you
turn on 1.5. At least then only the encryption key is vulnerable.
-- Scott
More information about the users
mailing list