RNG quality verification
Philipp Gühring
pg at futureware.at
Thu Dec 22 04:28:47 EST 2005
Hi,
I have been asked by to verify the quality of the random numbers which are
used for certificate requests that are being sent to us, to make sure that
they are good enough, and we don´t issue certificates for weak keys.
The client applications that generate the keys and issue the certificate
requests are the usual software landscape OpenSSL, IE, Firefox,
SmartCards, ... and we would like to be able to accept all normally used
software.
We are being asked to either issue the keys for our users (I don´t want to),
or alternatively demand the users to have good quality random numbers with a
contract for the user. Now it might be easy that I demand the user to have
good random numbers, but the first question will likely be "and how do I do
that?" or "which software/hardware does that?"
So I guess I have to ask the vendors, whether ther random numbers are good
enough. But what if they just say "yes" or "no"?
I think the better way would be if I had a possibility to verify the quality
of the random numbers used in a certificate request myself, without the
dependence on the vendor.
From what I remember of the usual RSA key generation, random numbers gathered
are being put into a field with the expected keysize. Then the first and last
bit is set to 1, to make sure that the key has the necessary size, and to
have it odd (not to be devidable by 2). Then it is verified for primeness,
and if the check is ok, the number is used.
So if I extract the key, remove the first and the last bit, then I should have
the pure random numbers that are being used. If I do that with lots of keys,
I should have a good amount of random material for the usual statistical
tests.
Am I right? Am I wrong?
Has anyone done that before?
Any other, better ideas?
Should I do it that way?
Best regards,
Philipp Gühring
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list