DNSSEC will eventually generate Identical Key ID's

Tony Finch dot at dotat.at
Thu Sep 13 09:47:07 UTC 2018

Warren Kumari <warren at kumari.net> wrote:
> This reminds me of some interesting (well, interesting to me :-)) related
> research Ben Laurie and I did around that time -- while looking at the
> distribution of generated keys I noticed that OpenSSL / GnuTLS generate a
> different distribution than e.g mbedTLS.

Funky. There are all sorts of fun things you can do with less secure RSA
keys, e.g. Mark Wooding's hack for embedding text of your choice in the
base64 of the public key

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Shannon, Rockall: West or southwest 5 or 6, increasing 7 at times. Rough or
very rough, becoming moderate or rough. Rain or showers. Moderate or good.

More information about the bind-users mailing list