Andrew Cooke <[EMAIL PROTECTED]> writes:
> > 1. The server's generation of its ephemeral DH key.
> > 2. The server's DSA signature.
> > 3. The client's generation of its ephemeral DH key.
[snip]
> I've dug out the nearest I can get to what made me think random numbers
> were critical for DH key exchange and it's here:
> http://remus.prakinf.tu-ilmenau.de/ssl-users/archive9809/0124.html - the
> last quoted section (the main post is from me - I can't find the post I
> was replying to). It's talking about two things (afaik) - is the first
> (2) above?
Yes, this is a serious worry. OTOH, if you managed to securely
generate a private key, you must have had plenty of entropy
around at the time. You can store this entropy (using OpenSSL's
random seed file) and use it at signing time. Moroever, the random
number for DSA signing (k) only has to be 20 bytes long.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
