On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai <pravesh....@gmail.com> wrote:
> Hi,
>
> At one place, we are using following logic for generating self-signed
> certificate:
>
> #define SEED_SIZE 128
>
> k = RAND_status();
> while(k == 0)
> {
> // custom logic for getting random numbers from system variables
> ...
>
> CryptGenRandom(hCryptProv, SEED_SIZE, buf);     // On Windows OS
> apr_generate_random_bytes(buf, SEED_SIZE);      // On Linux OS
Huh? What's wrong with /dev/{u}random, /dev/hwrand, and virtio_prng?

>
> //RAND_seed(buf, SEED_SIZE);
> RAND_add(buf, SEED_SIZE, (20/100) * SEED_SIZE);
>
>       k = RAND_status();
>
> }
I'm not sure 20% effective entropy is a good estimate here. If it's
coming from the OS, it's likely higher. If it's coming from an Entropy
Key or other hardware device, I would estimate it nearly 100% (if not
100%).

Plus, there may be a bug there. Perform a cast to a double before the divide:
    ((double)20/100) * SEED_SIZE

>
> RSA_generate_key(2048, RSA_F4, NULL, NULL);
>
Reasonable.

> Even though RAND_status() always returns 1 (OK), our analysis shows that the
> certificates generated using this logic are not having enough entropy. Also
> tried another approach of calling RAND_seed / RAND_add, without checking for
> RAND_status(), but even that doesn't help.
Citation, please. Is this a headless server? Or being run in
virtualized environment?

> Can anybody please help me in understanding the limitation of this logic or
> suggest any other approach?
Add entropy via an Entropy Key, fetch bytes from random.org (be sure
to pin the certificate), or do some key agreements and feed the peer's
public key back into OpenSSL's PRNG (see paper below).

"When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities
and Hedging Deployed Cryptography",
www.isoc.org/isoc/conferences/ndss/10/pdf/15.pdf. I actually use their
techniques (hedging) on everything, even mobile devices.

Jeff
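The integer-division point above is easy to see with a small model of the seeding loop. The following is an added example, not code from the thread or from OpenSSL: the entropy accumulator is a toy, the 32-byte threshold is an assumption taken from the ENTROPY_NEEDED constant in OpenSSL 1.0.x's md_rand.c, and the function names are made up for illustration. It computes the third argument to RAND_add both ways and shows that the uncast version credits zero entropy per call, so a loop that waits on the status flag would never finish from this source alone.

```c
#include <stddef.h>
#include <stdio.h>

#define SEED_SIZE 128
/* Assumption: OpenSSL 1.0.x treats the PRNG as seeded once 32 bytes of
 * credited entropy have been added (ENTROPY_NEEDED in md_rand.c). */
#define ENTROPY_NEEDED 32.0

/* Entropy estimate exactly as written in the quoted loop:
 * 20/100 is integer division and truncates to 0 before the multiply. */
double entropy_estimate_buggy(int percent, int size) {
    return (percent / 100) * size;
}

/* Corrected estimate: cast before dividing so the fraction survives. */
double entropy_estimate_fixed(int percent, int size) {
    return ((double)percent / 100) * size;
}

/* Toy model of a PRNG seeding state: only the credited-entropy counter,
 * which is what RAND_status() consults. Constructed for this example. */
typedef struct {
    double entropy; /* bytes of entropy credited so far */
} prng_model;

/* Stand-in for RAND_add(buf, len, entropy): credit the caller's estimate. */
void model_add(prng_model *p, size_t len, double entropy) {
    (void)len; /* the toy ignores the bytes themselves */
    p->entropy += entropy;
}

/* Stand-in for RAND_status(): 1 once enough entropy has been credited. */
int model_status(const prng_model *p) {
    return p->entropy >= ENTROPY_NEEDED;
}

/* Run the quoted while(k == 0) loop against the model with a given
 * estimate function. Returns the number of RAND_add calls needed, or -1
 * if the loop would still be spinning after max_iters calls. */
int seeding_rounds(double (*estimate)(int, int), int max_iters) {
    prng_model p = { 0.0 };
    int rounds = 0;
    while (!model_status(&p)) {
        if (rounds >= max_iters)
            return -1;
        model_add(&p, SEED_SIZE, estimate(20, SEED_SIZE));
        rounds++;
    }
    return rounds;
}

int main(void) {
    printf("buggy estimate per call: %.1f bytes\n",
           entropy_estimate_buggy(20, SEED_SIZE));
    printf("fixed estimate per call: %.1f bytes\n",
           entropy_estimate_fixed(20, SEED_SIZE));
    printf("rounds to seeded (buggy): %d\n",
           seeding_rounds(entropy_estimate_buggy, 100));
    printf("rounds to seeded (fixed): %d\n",
           seeding_rounds(entropy_estimate_fixed, 100));
    return 0;
}
```

With the cast, each 128-byte call is credited 25.6 bytes and the model reports seeded after two calls; without it, every call is credited 0 and the loop never terminates on its own. In real OpenSSL the status usually flips to 1 anyway because the library polls the OS on first use, which is why a loop like this can look healthy while the application's own contribution is being ignored.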
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
