Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system called DKIM was introduced. Is it possible that people configured DKIM in 2007, never changed their key, and are still vulnerable to CVE-2008-0166? https://16years.secvuln.info/
@hanno Possible you could check the DNS records for entries that haven't been modified since 2008.
Would you rather have an email from someone that has no DKIM or a DKIM from 2007?
@hanno@mastodon.social I'm using one of the email providers mentioned - oh no
@hanno I have a scanner for DKIM keys... 🤔