> On May 23, 2018, at 1:08 PM, redpath <redp...@us.ibm.com> wrote:
>
> SO if I add this RAND usage below, em I seeding to assure a different RSA key
> pair each time run of
> creating a RSA pair.
>
> I would certainly replace the time with the UUID of the device to be unique
> to the device.
> You would have to acquire the device to know the seeding. Hey keep the Time
> one too.
NO. Seeding exclusively in this way is a terrible idea and MUST NOT be
done. You need considerably more randomness than found in a timestamp
or a device serial number.
It is not enough for keys to be unique, they need to be computationally
unpredictable.
If the device is generating keys it needs a decent source of randomness.
Otherwise, keys might need to be generated elsewhere and loaded onto the
device.
--
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
