Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
On Sat, Jul 19, 2014 at 05:41:41AM -0400, Theodore Ts'o wrote:
>
> I take a somewhat different philosophical position, which is that it's
> impossible to make something moron-proof, because morons are
> incredibly ingenious :-), and there are legitimate times when you
> might indeed want more than 256 bytes (for example, generating a 4096
> bit RSA key pair).
I believe 128 bit entropy should be sufficient to generate a 4096
bit RSA key, but you might want to take some more. I think 2048
bit (256 byte) is a little bit overkill for it, and I'm not sure
what amout of entropy the kernel can really give.
Kurt
Reply to:
- References:
- Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Toni Mueller <support@oeko.net>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Paul Tagliamonte <paultag@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Steven Chamberlain <steven@pyro.eu.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Russ Allbery <rra@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Ben Hutchings <ben@decadent.org.uk>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Russ Allbery <rra@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Johannes Schauer <j.schauer@email.de>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Theodore Ts'o <tytso@mit.edu>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Kurt Roeckx <kurt@roeckx.be>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
- From: Theodore Ts'o <tytso@mit.edu>