On Wed, 6 Aug 2008 11:17:12 +0200, Sake Blok <sake@xxxxxxxxxx> wrote:
> May I have your votes please? ;-)
>
> 1) Don't include the code at all
> 2) Change the code to only identify the weak keys, but not use it
> to decrypt the SSL traffic (would this also be CPU intensive?)
> 3) Add the code as is, including decryption of SSL traffic
I vote for 2. As others have pointed out, brute-forcing decryption would
move Wireshark into an entirely different application category and limit
its use. However, it would be silly to reject the patch altogether since
this would be a great feature to have. (We could also use weak SSH key
detection, BTW). I'd prefer to have weak key IDs added to the tree
along with an expert item, but no automatic decryption.
Of course, once you identify a weak key there's nothing stopping you from
using Lua or an external script to build a corresponding ssl.keys_list
preference line. :)