[Pkg-openssl-devel] bad debian openssl and -rand option
emaxx-debian
emaxx-debian at davex.nl
Fri May 16 09:48:19 UTC 2008
Hi,
I'm not sure this is the right place for my question, but I guess you
will tell me if not.
I have some SSL keys and certificates that were generated by the bad
openssl library under Debian Etch. Before the DSA was out, I already
hoped to add extra randomness by using the '-rand' command line option:
    openssl genrsa -des3 -rand random.dat -out ${HOSTNAME}.pem 1024
random.dat (about 2.5 megabytes) was created on the fly with:
    dump -f random.dat /dev/random
My questions are:
- Are these certificates just as untrustworthy when I didn't use the
-rand option?
- Does the entropy from random.dat give me enough uniqueness to keep on
using these certificates (they are used for a public governmental website)?
Thanks!
Regards,
Vince.