* Deane Sloan wrote on Thu, May 29, 2008 at 04:47 +1200:
> stated, the overall risk of generating such a key on an unaffected
> system is (extremely?) small for the security that a 2048bit RSA private
> key is intended for?

The risk to generate one specific key of 2^16 (or how small was the key space?) should be `roughly the same' compared to 2048 Bit RSA, as to generate one specific key (when assuming perfect strong generation).

That means, the risk that you accidentally generate exactly the same key as I generated is of almost the same order of magnitude. This also was acceptable before the Debian issue :)

Of course you are right, this probably happens every few billion years in one of the known universes and theoretically it could even happen with the key you are generating right now :-)

If someone would not accept the risk of randomness / entropy with their properties, using cryptography in this case probably would be no option, but I think in all `practical situations' such extremely, unbelievably rare events (as strong key generation producing collisions) should not be overstated.

oki,

Steffen

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org