Re: PEM_write_bio_RSAPrivateKey assure Randomness of PK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On May 23, 2018, at 1:08 PM, redpath <redpath@xxxxxxxxxx> wrote:
> 
> SO if I add this RAND usage below, em I seeding to assure a different RSA key
> pair each time run of
> creating a RSA pair.
> 
> I would certainly replace the time with the UUID of the device to be unique
> to the device.
> You would have to acquire the device to know the seeding. Hey  keep the Time
> one too.

NO.  Seeding exclusively in this way is a terrible idea and MUST NOT be
done.  You need considerably more randomness than found in a timestamp
or a device serial number.

It is not enough for keys to be unique, they need to be computationally
unpredictable.

If the device is generating keys it needs a decent source of randomness.
Otherwise, keys might need to be generated elsewhere and loaded onto the
device.

-- 
-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux