Hi there,

On Fri, 26 Nov 1999, Mark Shuttleworth wrote:

> Hi all
> 
> We have a customer project that requires the rapid generation of RSA
> keys and figure OpenSSL would be good.
> 
> Is there any documentation on how to maximize the security of the key
> generation in OpenSSL? Is there any way to increase the amount of
> entropy fed to genrsa? Are there any known problems with OpenSSL's RSA
> key generation algorithms? We'd normally use dedicated units but in this
> case a software solution would work better.

If you have ready access to dedicated hardware you could use it to seed
the PRNG in OpenSSL? Presumably that would address your entropy worries
but leave the actual RSA keygens in software. As for known problems with
OpenSSL's RSA keygen - not that I'm aware of but I think it'd be fair to
say that the PRNG (and its seeding) probably has a better chance of being
weak than the RSA keygen would be if you've seeded the PRNG with enough
good entropy. (well ... at least when comparing it to other tools IMHO).

I can't recall whether the prime number generation uses sequential
candidates or an arithmetic sequence (or even something else) but I don't
think that would qualify as a "known problem" either way ...

Cheers,
Geoff


----------------------------------------------------------------------
Geoff Thorpe                                    Email: [EMAIL PROTECTED]
Cryptographic Software Engineer, C2Net Europe    http://www.int.c2.net
----------------------------------------------------------------------
May I just take this opportunity to say that of all the people I have
EVER emailed, you are definitely one of them.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
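
An added example (not part of the original message, and not OpenSSL project code) of the suggestion in the reply: take bytes from a hardware source, sanity-check them, and mix them into OpenSSL's PRNG through Python's `ssl` module, which wraps OpenSSL's `RAND_add`, `RAND_status` and `RAND_bytes`. The device path `/dev/hwrng`, the health-check threshold, the 50% entropy credit and all helper names are assumptions made for illustration.

```python
import os
import ssl

HW_DEVICE = "/dev/hwrng"  # assumption: path of the hardware RNG on this host


def read_device(nbytes, path=HW_DEVICE):
    """Read exactly nbytes from the hardware device, failing on a short read."""
    with open(path, "rb", buffering=0) as dev:
        data = dev.read(nbytes)
    if len(data) != nbytes:
        raise OSError("short read from %s" % path)
    return data


def stand_in_source(nbytes):
    """Constructed stand-in so the example runs on hosts without the device."""
    return os.urandom(nbytes)


def looks_stuck(sample):
    """Crude health check: a dead or disconnected unit tends to repeat one byte."""
    if len(sample) < 32:
        return True
    return max(sample.count(b) for b in set(sample)) > len(sample) // 4


def seed_openssl_prng(read_hw, nbytes=64, credit=0.5):
    """Mix hardware output into OpenSSL's PRNG; return bytes of entropy credited."""
    sample = read_hw(nbytes)
    if looks_stuck(sample):
        raise ValueError("hardware source failed health check; not seeding")
    credited = len(sample) * credit  # claim less entropy than was supplied
    ssl.RAND_add(sample, credited)
    if not ssl.RAND_status():
        raise RuntimeError("OpenSSL reports its PRNG is still not seeded")
    return credited


if __name__ == "__main__":
    # Fall back to the stand-in when the device is absent or unreadable.
    source = read_device if os.access(HW_DEVICE, os.R_OK) else stand_in_source
    print("credited bytes:", seed_openssl_prng(source))
    print("PRNG output:", ssl.RAND_bytes(16).hex())
```

Failing closed on a rejected sample matters here: seeding from a stuck device while crediting it with entropy is worse than not seeding from it at all.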
