On 27 Feb 2019, at 09:07, tomasshredder--- via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On Wednesday, February 27, 2019 at 3:27:05 AM UTC+1, Peter Gutmann wrote:
>> Mike Kushner via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>>> EJBCA was possibly the first (certainly one of the first) CA products to use random serial numbers.
>>
>> Random serial numbers have been in use for a long, long time, principally to hide the number of certs a CA was (or wasn't) issuing. Here's the first one that came up in my collection, from twenty-five years ago:
>
> Thanks Peter, you have an impressive collection (no irony, it is really cool!). We still get asked by customers to implement sequential serial numbers from time to time, but it's getting more and more rare.
>
>> RFC 3280 (2002) explicitly added handling for random data as serial numbers:
>
> Ha, we were way before RFC3280 :-). Just being geeky, here is the code from EJBCA 1.0 (2001-12-05). CSPRNG, although it was seeded differently at that time (setSeed complements, not replaces, self-seeding in SecureRandom).
>
>     random = SecureRandom.getInstance("SHA1PRNG");
>     random.setSeed((long)(new Date().getTime()));
>     byte[] serno = new byte[8];
>     random.nextBytes(serno);
>
> (https://sourceforge.net/projects/ejbca/files/ejbca1/ejbca-1_0/)
>
> (Sorry for continuing this off-topic thread.)

Hello Tomas,

I hope this is indeed not your current implementation and that it wasn’t in use anymore when ballot 164 became effective, because that’s not safe:

https://stackoverflow.com/a/27301156
https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html

> You should never call setSeed before retrieving data from the "SHA1PRNG" in
> the SUN provider as that will make your RNG (Random Number Generator) into a
> Deterministic RNG - it will only use the given seed instead of adding the
> seed to the state. In other words, it will always generate the same stream of
> pseudo random bits or values.

Best regards,
Thijs

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
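The seeding problem Thijs points at, shown side by side with the self-seeded form, as an added Java example. This is illustration code written for this thread, not EJBCA's code and not code from anyone quoted above. The method names (`seededSerial`, `selfSeededSerial`, `toSerial`) are my own, and the fixed `seed` constant is a constructed stand-in for the `new Date().getTime()` clock value the original snippet used. With the SUN provider's "SHA1PRNG", calling `setSeed` before the first `nextBytes` makes the output a pure function of the seed, so two instances seeded with the same clock value yield the same "random" serial; a default `SecureRandom` that is allowed to self-seed does not.

```java
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SerialSeedingDemo {

    // Reproduces the EJBCA 1.0 pattern quoted in the thread: SHA1PRNG is
    // seeded with a caller-supplied value before any output is drawn. With
    // the SUN provider this replaces self-seeding, so the stream depends only
    // on the seed (here: a clock value).
    static byte[] seededSerial(long seed) throws NoSuchAlgorithmException {
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        random.setSeed(seed);            // deterministic from here on
        byte[] serno = new byte[8];
        random.nextBytes(serno);
        return serno;
    }

    // Safe variant: the default SecureRandom self-seeds from the platform
    // entropy source. No setSeed is called before output is drawn, so each
    // draw is independent. 8 bytes = 64 bits of CSPRNG output.
    static byte[] selfSeededSerial(int numBytes) {
        SecureRandom random = new SecureRandom();
        byte[] serno = new byte[numBytes];
        random.nextBytes(serno);
        return serno;
    }

    // X.509 serial numbers must be positive integers; signum 1 guarantees that
    // regardless of the top bit of the random bytes.
    static BigInteger toSerial(byte[] bytes) {
        return new BigInteger(1, bytes);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed fixed "clock" value standing in for new Date().getTime().
        long seed = 1007510400000L;

        byte[] a = seededSerial(seed);
        byte[] b = seededSerial(seed);
        System.out.println("SHA1PRNG seeded before output, same seed twice -> identical: "
                + Arrays.equals(a, b)); // true on the SUN provider

        byte[] c = selfSeededSerial(8);
        byte[] d = selfSeededSerial(8);
        System.out.println("Self-seeded SecureRandom, two draws -> identical: "
                + Arrays.equals(c, d)); // false (barring a 2^-64 collision)
        System.out.println("Example serial: " + toSerial(c).toString(16));
    }
}
```

The defensive takeaway is the one in the quoted Stack Overflow answer: never call `setSeed` on "SHA1PRNG" before the first `nextBytes`, and prefer `new SecureRandom()` so the provider self-seeds; if extra seed material is wanted, mix it in after output has been drawn, where it supplements the state instead of replacing it.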