[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

On Sat, Jul 19, 2014 at 05:41:41AM -0400, Theodore Ts'o wrote:
> I take a somewhat different philosophical position, which is that it's
> impossible to make something moron-proof, because morons are
> incredibly ingenious :-), and there are legitimate times when you
> might indeed want more than 256 bytes (for example, generating a 4096
> bit RSA key pair).

I believe 128 bit entropy should be sufficient to generate a 4096
bit RSA key, but you might want to take some more.  I think 2048
bit (256 byte) is a little bit overkill for it, and I'm not sure
what amout of entropy the kernel can really give.


Reply to: