RNG quality verification
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Thu Dec 22 12:10:57 EST 2005
On Thu, Dec 22, 2005 at 10:28:47AM +0100, Philipp G?hring wrote:
> I think the better way would be if I had a possibility to verify the quality
> of the random numbers used in a certificate request myself, without the
> dependence on the vendor.
This is impossible. You don't see the raw "random" inputs: the CSR does
not disclose the input primes, it only discloses their product. The real
problem is deeper: there is no such thing as a single number that is or
is not random, a random *process* produces the same discrete outputs as
a similar non-random process.
Furthermore, it is impossible to prove an untrusted sampled process to be
securely random. To have *assurance* of randomness you need to participate
in the process, and to have access to the raw random data. This of
course you cannot do as a CA, because you don't have legitimate access
to the private keys. If you must police the users, hand them their keys
on smart cards (or other suitable hardware) that you initialize.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list