bug-1292: prohibit keys with public exponent smaller than 65536 bug-1292
authorFelix Dörre <felix@dogcraft.de>
Sat, 26 Jul 2014 22:54:34 +0000 (00:54 +0200)
committerFelix Dörre <felix@dogcraft.de>
Sat, 26 Jul 2014 22:54:34 +0000 (00:54 +0200)
This is in accordance to what is recommended on the referenced
wiki page: http://wiki.cacert.org/WeakKeys#SmallExponent

includes/lib/check_weak_key.php

index 8ad2ccf..59c6cd6 100644 (file)
@@ -173,7 +173,7 @@ function checkWeakKeyText($text)
                        $exponent = $exponent[1]; // exponent might be very big =>
                        //handle as string using bc*()
 
                        $exponent = $exponent[1]; // exponent might be very big =>
                        //handle as string using bc*()
 
-                       if (bccomp($exponent, "3") === 0)
+                       if (bccomp($exponent, "65537") < 0)
                        {
                                return sprintf(_("The keys you use might be insecure. ".
                                                        "Although there is currently no known attack for ".
                        {
                                return sprintf(_("The keys you use might be insecure. ".
                                                        "Although there is currently no known attack for ".