[Cryptography] Opinions requested on Sample Root Certificate

Paul F Fraser paulf at a2zliving.com
Tue Jan 16 23:35:37 EST 2018


On 17/01/2018 9:59 AM, Philipp Gühring wrote:
> Hi,
>
> For root certificates (and other high-value certificates), I suggest that
> you also measure the entropy in the private key. The way I suggest to do
> it is to generate 10000 similar root certificates, all with different
> private keys, then take/extract the private keys from 9999 certificates,
> cut out the entropic parts of the private keys (usually cutting off the
> first and the last few bits), and then concatenate the entropic parts all
> together. Then use random analysis tools like dieharder, or my service at
> http://www.cacert.at/random/ to analyze the resulting bit-stream for
> anomalies. If it looks like good random numbers, then the remaining
> certificate is good to use.
> This protocol ensures that a minimum quality of entropy really ends up in
> the private keys, and is able to detect both weaknesses in random number
> generators and weaknesses in certificate/private key generators.
>
> Best regards,
> Philipp
>
>
Thanks Philipp,

Sounds like a good idea; when/if time is available I will have a go at the 9999 plan.

Paul
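Philipp's protocol above in runnable form, as an added example that is not code from this thread, from dieharder or from the cacert.at service: it generates many small two-prime keys (constructed 256-bit keys so it runs in seconds; a real root would use a real key generator and far larger keys), cuts the forced top and low bits off each prime, concatenates the middles, and applies the NIST SP 800-22 monobit test in place of dieharder. `weak_randbits` is a constructed faulty generator, included only to show what the check catches.

```python
import math
import secrets

# Added example, not code from the thread; keys are constructed as two probable primes.

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with a small trial-division prefilter."""
    if n < 2 or any(n % sp == 0 for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return n in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, randbits=secrets.randbits):
    """Random prime of exactly `bits` bits; top and low bits are forced, so they carry no entropy."""
    while True:
        cand = randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def entropic_bits(prime, bits, strip=8):
    """Cut `strip` bits off each end of a prime (the forced/biased bits); return the middle as a bit string."""
    width = bits - 2 * strip
    return format((prime >> strip) & ((1 << width) - 1), f"0{width}b")

def key_bitstream(n_keys, key_bits=256, randbits=secrets.randbits, strip=8):
    """Generate n_keys two-prime keys and concatenate the entropic parts of every p and q."""
    half = key_bits // 2
    return "".join(entropic_bits(gen_prime(half, randbits), half, strip)
                   for _ in range(2 * n_keys))

def monobit_p_value(bits):
    """NIST SP 800-22 frequency (monobit) test; a p-value near 0 means the ones/zeros balance is off."""
    s = sum(1 if b == "1" else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def weak_randbits(k):
    """Constructed faulty RNG: every other bit stuck at zero, the kind of defect the protocol should catch."""
    return secrets.randbits(k) & int("10" * (k // 2), 2)
```

With a sound generator `monobit_p_value(key_bitstream(40))` lands well above 0.01; with `weak_randbits` it is effectively zero, because stripping the fixed bits leaves a stream that is only about a quarter ones.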
