> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Graham Leggett
> Sent: Thursday, September 03, 2015 14:43
>
> I have used a deck of playing cards as a source of entropy, saved to a ram disk
> on a system with no swap, used then discarded. This has the advantage t
On 3 Sep 2015, at 19:23, Viktor Dukhovni wrote:
> Cat those files into /dev/urandom or /dev/random. That'll mix them
> into the system's entropy pool. Then generate keys as usual from
> /dev/urandom.
I have used a deck of playing cards as a source of entropy, saved to a ram disk
on a system w
On Thu, Sep 03, 2015 at 11:29:01AM -0700, Kevin Long wrote:
> Can I not use the file directly, as to not rely whatsoever on the OS’s PRNG ?
That would be unwise. Much too easy to make a mistake and get that
wrong. The best thing to do with additional entropy sources is to
mix them with existing
Can I not use the file directly, as to not rely whatsoever on the OS’s PRNG ?
> On Sep 3, 2015, at 11:23 AM, Viktor Dukhovni
> wrote:
>
> On Wed, Sep 02, 2015 at 09:53:05PM -0700, Kevin Long wrote:
>
>> I've been asked to use a hardware random number generator to create the
>> keys/certifica
On Wed, Sep 02, 2015 at 09:53:05PM -0700, Kevin Long wrote:
> I've been asked to use a hardware random number generator to create the
> keys/certificates going forward. I have a hardware RNG, and have created
> several files of random numbers using it, and I would like to know:
Cat those files in
Hi Mike (and all).
Thanks for the info. I understand the implications of storing the randomized
data to storage and precautions would be taken to air-gap this info from the
outside world.
> If not, you can use the TRNG for all newly issued certificates moving forward.
Can you please syntax
Once you've written the random data to secondary storage you've permanently
compromised the integrity of any cryptographic secrets generated from it.
Depending on your threat model, underlying storage media, filesystem, and
other factors the data files may be recoverable indefinitely (especially if
Hello,
I’m using openssl to administer a root/intermediate CA and I use the
certificates for a number of web servers and other applications. All of my
users install my root CA certificate for trust.
I’ve been asked to use a hardware random number generator to create the
keys/certificates go