[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation

       The  amount  of  seed material required to generate a cryptographic key
       equals the effective key size of the key.  For example, a 3072-bit  RSA
       or Diffie-Hellman private key has an effective key size of 128 bits (it
       requires about 2^128 operations to break) so a key generator only needs
       128 bits (16 bytes) of seed material from /dev/random.

       While  some  safety margin above that minimum is reasonable, as a guard
       against flaws in the CPRNG algorithm, no cryptographic primitive avail‐
       able  today  can  hope to promise more than 256 bits of security, so if
       any program reads more than 256 bits (32 bytes) from the kernel  random
       pool  per  invocation, or per reasonable reseed interval (not less than
       one minute), that should be taken as a sign that  its  cryptography  is
       not skillfully implemented.

-- urandom(4)

This seems to be the approach openssl is taking. Contrast with gpg,
which seems to read one bit of entropy per bit of the key being

(Still don't understand why openssl(1) can be intended for debugging
only given the documentation shipped in openssl, or how that would be a
viable excuse at all if it generated bad keys.)

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: