From c32626a6e4ef7885ea1e1dcc6b39af07914498a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Sun, 27 Jul 2014 00:54:34 +0200
Subject: bug-1292: prohibit keys with public exponent smaller than 65536

This is in accordance to what is recommended on the referenced
wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent
---
 includes/lib/check_weak_key.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index 8ad2ccf..59c6cd6 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -173,7 +173,7 @@ function checkWeakKeyText($text)
 			$exponent = $exponent[1]; // exponent might be very big =>
 			//handle as string using bc*()
 
-			if (bccomp($exponent, "3") === 0)
+			if (bccomp($exponent, "65537") < 0)
 			{
 				return sprintf(_("The keys you use might be insecure. ".
 							"Although there is currently no known attack for ".
-- 
cgit v1.2.1