summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorFelix Dörre <felix@dogcraft.de>2014-07-27 00:54:34 +0200
committerFelix Dörre <felix@dogcraft.de>2014-07-27 00:54:34 +0200
commitc32626a6e4ef7885ea1e1dcc6b39af07914498a4 (patch)
treef68aebadbc04d67f1f56804e992be5eb96881d8e /includes
parentfa3a17789986431c15dac26c43a8100ee7e8d0d4 (diff)
downloadcacert-devel-c32626a6e4ef7885ea1e1dcc6b39af07914498a4.tar.gz
cacert-devel-c32626a6e4ef7885ea1e1dcc6b39af07914498a4.tar.xz
cacert-devel-c32626a6e4ef7885ea1e1dcc6b39af07914498a4.zip
bug-1292: prohibit keys with public exponent smaller than 65536bug-1292
This is in accordance to what is recommended on the referenced wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
Diffstat (limited to 'includes')
-rw-r--r--includes/lib/check_weak_key.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index 8ad2ccf..59c6cd6 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -173,7 +173,7 @@ function checkWeakKeyText($text)
$exponent = $exponent[1]; // exponent might be very big =>
//handle as string using bc*()
- if (bccomp($exponent, "3") === 0)
+ if (bccomp($exponent, "65537") < 0)
{
return sprintf(_("The keys you use might be insecure. ".
"Although there is currently no known attack for ".