RNG quality verification
David Wagner
daw at cs.berkeley.edu
Thu Dec 22 16:13:13 EST 2005
Philipp G#ring <pg at futureware.at> writes:
>I have been asked by to verify the quality of the random numbers which are
>used for certificate requests that are being sent to us, to make sure that
>they are good enough, and we don´t issue certificates for weak keys.
Go tell whoever wrote your requirements that they (to be frank) don't
know what they're talking about. What they're asking for doesn't make
any sense. You should ask them what problem they're trying to solve.
Don't let them try to tell you how to solve it; you just need to know
the goal, not the mechanism.
The standard solution is to just not worry about this at all, and say
that it is the user's responsibility to choose good random numbers.
If the user fails to do so, they're the one who bears the costs of their
failure, so why should you care?
If the goal is to hold the hands of your users, then you might want to
think carefully about whether you want to be in that business, what are
the most likely failure modes, and what is the best way to deal with it.
(Trying to check whether their numbers are random probably isn't the best
answer.) Most CA's have gravitated towards the opinion that that's not
something they can control, nor do they want to, nor should they -- and
that sounds reasonable to me. But if you want to be in the hand-holding
business, you're going to have to do an awful lot more than just check
the random numbers.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list