On Tue, Dec 11, 2012 at 6:27 PM, redpath <redp...@us.ibm.com> wrote:
> When using this command
>
> openssl genrsa -out test.pem 2048
>
> an RSA pair is created. It's not so much I want to know how a pair is
> randomly selected
> but how secure is that random selection.

It depends. In theory, the way entropy is gathered and managed is enough. In practice, there are practical problems: "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices," https://factorable.net/paper.html

The authors then went on to break secure channels between traffic reporting systems and cell phones: "Traffic sensor flaw that could allow driver tracking fixed," http://www.csoonline.com/article/723229/traffic-sensor-flaw-that-could-allow-driver-tracking-fixed

> Random number generators are a series
> and this selection could be followed for brute force deciphering.

There are ways other than brute forcing. I would bet Nadia Heninger, Zakir Durumeric, Eric Wustrow, and Alex Halderman did not brute force their break of the traffic system.

Linux 3.x kernels have entropy starvation issues due to decisions to stop using IRQ interrupts (removal of the IRQF_SAMPLE_RANDOM flag, without an alternative to gather entropy). The 2.x kernels start weak, but improve over time.

Bottom line: use an Entropy Key (http://www.entropykey.co.uk/), HSM or other hardware to get your RNG/PRNG in good working order quickly. You can go to random.org and it will likely be an improvement.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
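Added example, not part of the original message or of OpenSSL: an audit of your own key inventory for the weakness the "Mining Your Ps and Qs" paper describes, where keys generated with too little entropy end up sharing a prime. It assumes moduli exported with `openssl rsa -in test.pem -noout -modulus`; the device names and toy moduli are constructed for illustration.

```python
from math import gcd, prod

# Constructed toy moduli built from small Mersenne primes; not real keys.
M31, M61, M89, M107, M127 = (2**k - 1 for k in (31, 61, 89, 107, 127))
SAMPLE_MODULI = {
    "device-a": M61 * M89,    # shares M61 with device-b
    "device-b": M61 * M107,
    "device-c": M31 * M127,   # no factor in common with the others
    "device-d": M61 * M89,    # same modulus as device-a (cloned key)
}


def parse_modulus(line):
    """Parse one 'Modulus=<hex>' line as printed by `openssl rsa -noout -modulus`."""
    key, _, value = line.strip().partition("=")
    if key != "Modulus" or not value:
        raise ValueError("not an openssl modulus line")
    return int(value, 16)


def audit_shared_factors(moduli):
    """Return {name: finding} for every modulus that shares a factor with another.

    "shared-prime": exactly one prime is common with some other key.
    "duplicate-or-fully-shared": the modulus is repeated, or both of its
    primes appear elsewhere in the inventory.
    """
    total = prod(moduli.values())
    findings = {}
    for name, n in moduli.items():
        # (total mod n^2) // n is the product of all *other* moduli, mod n.
        others = (total % (n * n)) // n
        g = gcd(n, others)
        if g == 1:
            continue  # nothing in common with any other key
        findings[name] = "shared-prime" if g < n else "duplicate-or-fully-shared"
    return findings


if __name__ == "__main__":
    for name, finding in audit_shared_factors(SAMPLE_MODULI).items():
        print(f"{name}: {finding} -> regenerate on a host with a seeded RNG")
```

Any flagged key should be regenerated after the host's entropy source is fixed; a clean result only shows that no factor is shared within the inventory that was checked.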