On 18.02.2012 22:47, Edward Ned Harvey wrote:
>> Any link to the studies? - I was not able to find anything relevant.
>> Is this related to the 2008 Debian OpenSSL snafu?
>
> Not the debian thing.
>
> http://arstechnica.com/business/news/2012/02/crypto-shocker-four-of-every-1000-public-keys-provide-no-security.ars

Thank you and Kurt for the links, it is quite interesting reading.

The
https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs
link suggests that the majority come from embedded devices. This is much
too often just "generate a key on the first boot" - enough said.

On 18.02.2012 17:02, Edward Ned Harvey wrote:
> When I make a backup copy of ~/.rnd, and generate some keys,
> and then restore ~/.rnd and re-generate the keys... My keys
> come out different. Which suggests either (a) It's not
> actually using my ~/.rnd file as the random seed, or
> (b) It's using ~/.rnd in conjunction with something else
> such as urandom.

I interpret http://www.openssl.org/support/faq.cgi#USER1 such that
/dev/urandom is always used if present and the RNG used is
additionally seeded by RANDFILE. So your keys are different, but if the
available entropy in /dev/urandom was insufficient, they will not be as
random as you'd wish.

This thread has some information
http://www.mail-archive.com/openssl-users@openssl.org/msg54172.html
and seems to back it:

  This internal PRNG is seeded from different sources. These external
  sources can be provided explicitly (as with the "-rand" option of
  genrsa) or via RAND_add() within an application. As on several
  occasions people were given bad advice to abuse "-rand" or RAND_add()
  with bad entropy sources we have decided to always add additional
  bytes from /dev/urandom if available on the system.

> so I can be assured (and assure my boss and shareholders) that
> I have truly random generated keys when I generate them using
> openssl.

Use hardware based on a true random physical process. This one is quite
low-cost: http://www.entropykey.co.uk/ (no experience, I just googled for
what is available). If not practical, seed your RANDFILE with /dev/random
data before generating keys.

-- 
Stano
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
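
Added example (not part of the original message, and not OpenSSL code): a toy Python model of the "generate a key on the first boot" failure mentioned above, with a fleet audit that flags moduli sharing a prime factor. Python's `random.Random` stands in for a poorly seeded device PRNG; the 64-bit primes, seed values and function names are constructed for illustration.

```python
import math
import random
from itertools import combinations

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for the 64-bit sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(rng, bits=64):
    """Draw odd candidates of the requested size from rng until one is prime."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate

def device_keygen(boot_seed, late_entropy):
    """Toy first-boot keygen: p depends only on the boot-time PRNG state;
    a little device-specific entropy is mixed in before q is drawn."""
    rng = random.Random(boot_seed)
    p = random_prime(rng)
    rng = random.Random(rng.getrandbits(64) ^ late_entropy)
    return p * random_prime(rng)

def audit_moduli(moduli):
    """Return indices of moduli that are identical to, or share a factor with, another."""
    weak = set()
    for (i, a), (j, b) in combinations(enumerate(moduli), 2):
        if math.gcd(a, b) > 1:
            weak.update((i, j))
    return sorted(weak)

# Constructed fleet: devices 0 and 1 boot with identical PRNG state, device 2 does not.
FLEET = [device_keygen(7, 1), device_keygen(7, 2), device_keygen(0xC0FFEE, 3)]
```

The two devices that started from the same boot-time state end up with different moduli, so a duplicate-key check alone would not flag them; only the common-factor check does.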