➢ Thus how large does this random number have

It’s also to protect against predicting serial numbers and being able to leverage that. It’s not just (nor really mainly) the MD5 digest attacks. According to CABForum, you need 8 octets. No reason not to use more if you can.

➢ page was talking about in conjunction with the -CA option. With 'openssl ca' use of the serial file is mandatory according to the man page. There are no command line options for it.

Fixed in master and will be part of the next releases; the -rand_serial flag.
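The serial-number constraints discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL's code. The function names are hypothetical, the 8-octet minimum is the figure cited above, and the 20-octet ceiling is the RFC 5280 limit on the encoded serial number.

```python
import secrets

MIN_RANDOM_OCTETS = 8   # the 8 octets cited in the thread
MAX_DER_OCTETS = 20     # RFC 5280 limit on the encoded serialNumber


def der_integer_content(n: int) -> bytes:
    """Content octets of a DER INTEGER holding a positive serial."""
    if n <= 0:
        raise ValueError("serial must be a positive integer")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # DER integers are signed: a set top bit needs a leading 0x00 octet.
    return b"\x00" + raw if raw[0] & 0x80 else raw


def new_serial(random_octets: int = 16) -> int:
    """Draw a serial from the OS CSPRNG that always fits in 20 DER octets."""
    # 19 is the ceiling because the sign octet may add one more.
    if not MIN_RANDOM_OCTETS <= random_octets <= MAX_DER_OCTETS - 1:
        raise ValueError("random_octets must be between 8 and 19")
    while True:
        n = int.from_bytes(secrets.token_bytes(random_octets), "big")
        if n > 0:  # zero is not a valid serial; redraw
            return n


def looks_sequential(serials: list[int]) -> bool:
    """Flag counter-style issuance: at least half of adjacent gaps equal 1."""
    ordered = sorted(serials)
    gaps = [b - a for a, b in zip(ordered, ordered[1:])]
    return bool(gaps) and sum(g == 1 for g in gaps) * 2 >= len(gaps)


if __name__ == "__main__":
    counter_style = [0x1000, 0x1001, 0x1002, 0x1003]  # constructed sample
    random_style = [new_serial() for _ in range(4)]
    for label, batch in (("counter", counter_style), ("random", random_style)):
        print(label, "sequential:", looks_sequential(batch))
        for s in batch:
            print("  %x (%d DER octets)" % (s, len(der_integer_content(s))))
```

`looks_sequential` can be run over the serials of certificates a CA has already issued to spot a counter-based serial file still in use.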