diff options
author | Felix Dörre <felix@dogcraft.de> | 2014-07-27 00:54:34 +0200 |
---|---|---|
committer | Felix Dörre <felix@dogcraft.de> | 2014-07-27 00:54:34 +0200 |
commit | c32626a6e4ef7885ea1e1dcc6b39af07914498a4 (patch) | |
tree | f68aebadbc04d67f1f56804e992be5eb96881d8e | |
parent | fa3a17789986431c15dac26c43a8100ee7e8d0d4 (diff) | |
download | cacert-devel-c32626a6e4ef7885ea1e1dcc6b39af07914498a4.tar.gz cacert-devel-c32626a6e4ef7885ea1e1dcc6b39af07914498a4.tar.xz cacert-devel-c32626a6e4ef7885ea1e1dcc6b39af07914498a4.zip |
bug-1292: prohibit keys with public exponent smaller than 65536bug-1292
This is in accordance to what is recommended on the referenced
wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
-rw-r--r-- | includes/lib/check_weak_key.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php index 8ad2ccf..59c6cd6 100644 --- a/includes/lib/check_weak_key.php +++ b/includes/lib/check_weak_key.php @@ -173,7 +173,7 @@ function checkWeakKeyText($text) $exponent = $exponent[1]; // exponent might be very big => //handle as string using bc*() - if (bccomp($exponent, "3") === 0) + if (bccomp($exponent, "65537") < 0) { return sprintf(_("The keys you use might be insecure. ". "Although there is currently no known attack for ". |