From c32626a6e4ef7885ea1e1dcc6b39af07914498a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20D=C3=B6rre?=
Date: Sun, 27 Jul 2014 00:54:34 +0200
Subject: bug-1292: prohibit keys with public exponent smaller than 65536

This is in accordance to what is recommended on the referenced wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
---
 includes/lib/check_weak_key.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index 8ad2ccf..59c6cd6 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -173,7 +173,7 @@ function checkWeakKeyText($text)
 $exponent = $exponent[1];
 // exponent might be very big =>
 //handle as string using bc*()
- if (bccomp($exponent, "3") === 0)
+ if (bccomp($exponent, "65537") < 0)
 {
 return sprintf(_("The keys you use might be insecure. ".
 "Although there is currently no known attack for ".
-- 
cgit v1.2.1
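Review bot: The new bound in `if (bccomp($exponent, "65537") < 0)` rejects every exponent below 65537, while the commit subject says "smaller than 65536"; the two should agree, and a comment above the check would pin the intent, e.g. `// reject public exponents below 65537, see http://wiki.cacert.org/WeakKeys#SmallExponent`. The branch used to match only exponent 3 and now also catches 1 and every other small value, so the returned text beginning "Although there is currently no known attack for" should be re-read against that wider set; the message continues outside the hunk, so its exact wording cannot be confirmed here. The comparison is only a lower bound, and whether even or otherwise malformed exponents are rejected elsewhere in checkWeakKeyText is not visible, since the function starts and ends outside the hunk. A regression test covering 1, 3, 65535, 65536 and 65537 would document the boundary.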