[19366] in cryptography@c2.net mail archive


Re: RNG quality verification

daemon@ATHENA.MIT.EDU (Alexander Klimov)
Thu Dec 22 12:07:16 2005

X-Original-To: cryptography@metzdowd.com
Date: Thu, 22 Dec 2005 19:01:40 +0200 (IST)
From: Alexander Klimov <alserkli@inbox.ru>
To: Philipp Gühring <pg@futureware.at>
Cc: cryptography@metzdowd.com
In-Reply-To: <200512221028.47935.pg@futureware.at>

On Thu, 22 Dec 2005, Philipp Gühring wrote:
>
> I have been asked by to verify the quality of the random numbers which are
> used for certificate requests that are being sent to us, to make sure that
> they are good enough, and we don't issue certificates for weak keys.

Consider an implementation which uses x = time and then
SHA1(hardcoded-string||x), SHA1(hardcoded-string||x+1), etc. as a
starting point to search for primes. Unless you know what is the
hardcoded-string you cannot tell that the random starting point was
not that random: it is very important to realize that randomness is
the property of the source and not of a string.

BTW, note that what you can see in the certificate request for an
RSA key is n and not p and q themselves.

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
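
Added example, not part of the message above: a Python sketch of the construction it describes, showing that output of SHA1(hardcoded-string||x), SHA1(hardcoded-string||x+1), ... can be fed to standard frequency statistics while x stays recoverable by a short search for anyone who knows the string. The string value, the decimal encoding of x, the timestamp and all function names are assumptions made for illustration.

```python
import hashlib
import math

# Assumptions for this sketch: the string, the decimal encoding of x and the
# timestamp are constructed; the message does not specify any of them.
HARDCODED = b"constructed-hardcoded-string"
T0 = 1135270900  # constructed "time" value used as x

def block(x):
    """SHA1(hardcoded-string || x) for one value of x."""
    return hashlib.sha1(HARDCODED + str(x).encode()).digest()

def weak_stream(x, blocks):
    """Concatenate SHA1(s||x), SHA1(s||x+1), ... as the message describes."""
    return b"".join(block(x + i) for i in range(blocks))

def monobit_p(data):
    """p-value of the frequency (monobit) test: are ones and zeros balanced?"""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n))

def chi2_bytes(data):
    """Chi-square statistic of byte counts against uniform (255 d.o.f., mean 255)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def recover_x(first_block, guess, window):
    """Knowing the string, find x by trying timestamps within +/- window seconds."""
    for x in range(guess - window, guess + window + 1):
        if block(x) == first_block:
            return x
    return None

if __name__ == "__main__":
    data = weak_stream(T0, 5000)  # 100,000 bytes of output
    print("monobit p-value:", round(monobit_p(data), 4))
    print("byte chi-square:", round(chi2_bytes(data), 1))
    # These statistics describe the string only; for anyone who knows HARDCODED
    # the source has at most 2*3600+1 candidate states in this window.
    print("recovered x:", recover_x(data[:20], T0 + 1800, 3600))
```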
