[Pkg-openssl-devel] bad debian openssl and -rand option
Kurt Roeckx
kurt at roeckx.be
Wed May 21 18:23:34 UTC 2008
On Wed, May 21, 2008 at 11:42:12AM +0200, emaxx-debian wrote:
> emaxx-debian wrote on 16-5-2008 11:48:
> > Hi,
> >
> > I'm not sure this is the right place for my question, but I guess you
> > will tell me if not.
> >
> > I have some SSL keys and certificates that were generated by the bad
> > openssl library under Debian Etch. Before the DSA was out, I already
> > hoped to add extra randomness by using the '-rand' command line option:
> >
> > openssl genrsa -des3 -rand random.dat -out ${HOSTNAME}.pem 1024
> >
> > random.dat (about 2.5 megabytes) was created on the fly with:
> >
> > dump -f random.dat /dev/random
> >
> > My questions are:
> > - Are these certificates just as untrustworthy as when I didn't use the
> > -rand option?
> > - Does the entropy from random.dat give me enough uniqueness to keep on
> > using these certificates (they are used for a public governmental website)?
> >
>
> Since I didn't get any response on my question above, can somebody
> please tell if this is the right place to ask my questions about the
> openssl debian package?
>
> Since some SSL keys generated by me could be in danger, I would really like an
> answer or a pointer where to ask my question.
No source of random data could ever get added to the PRNG. The -rand
option was useless.
Kurt
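The reply above says that no seed material reached the PRNG on the affected Debian build, so `-rand` changed nothing. The following toy model, added here as an illustration and not code from OpenSSL or the Debian package, shows the consequence in a few lines: a hash-based PRNG with a `rand_add()` entry point (what `-rand file` feeds) and a `rand_bytes()` entry point that folds in the process id, which was the only varying input left on the broken build. The `mix_seed_data` flag, the `ToyPrng` class and the helper functions are constructed for this example; the constant seed files and pid values are made-up sample input.

```python
"""Toy model of why '-rand' could not help on the affected Debian OpenSSL build.

Constructed illustration (not OpenSSL code). The PRNG is modelled as a
hash-chained state with two entry points:
  rand_add(data)      -> what 'openssl ... -rand file' feeds into the pool
  rand_bytes(n, pid)  -> output derivation, which also folds in the pid
The mix_seed_data flag stands for whether rand_add() actually updates the
state (correct build) or is effectively a no-op (the Debian defect).
"""
import hashlib


class ToyPrng:
    def __init__(self, mix_seed_data: bool):
        self.mix_seed_data = mix_seed_data
        # Fixed starting state: every process begins from the same point.
        self.state = hashlib.sha256(b"constructed-initial-state").digest()

    def rand_add(self, data: bytes) -> None:
        """Seed mixing. On the broken build this update never happened,
        so the bytes from random.dat never influence the state."""
        if self.mix_seed_data:
            self.state = hashlib.sha256(self.state + data).digest()

    def rand_bytes(self, n: int, pid: int) -> bytes:
        """Output derivation. The pid is always mixed in (that part was
        untouched by the defect), so it is the only source of variation
        once seeding is disabled."""
        self.state = hashlib.sha256(self.state + pid.to_bytes(4, "big")).digest()
        out = b""
        counter = 0
        while len(out) < n:
            out += hashlib.sha256(self.state + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:n]


def generate_key_material(seed_file_data: bytes, pid: int, mix_seed_data: bool) -> bytes:
    """Simulate 'openssl genrsa -rand <file>' in one process: seed, then draw."""
    prng = ToyPrng(mix_seed_data)
    prng.rand_add(seed_file_data)
    return prng.rand_bytes(32, pid)


def distinct_outputs(mix_seed_data: bool, pids, seed_files) -> int:
    """How many different key-material values a set of pids and seed
    files can produce. With seeding disabled this collapses to len(pids)."""
    seen = {generate_key_material(s, p, mix_seed_data) for p in pids for s in seed_files}
    return len(seen)


if __name__ == "__main__":
    # Constructed sample input: two different 'random.dat' contents.
    seed_a = b"constructed random.dat contents A"
    seed_b = b"constructed random.dat contents B"
    print("broken build, same pid, different -rand files identical:",
          generate_key_material(seed_a, 4242, False) == generate_key_material(seed_b, 4242, False))
    print("fixed build, same pid, different -rand files identical:",
          generate_key_material(seed_a, 4242, True) == generate_key_material(seed_b, 4242, True))
    print("broken build distinct outputs for 10 pids x 5 seed files:",
          distinct_outputs(False, range(1, 11), [bytes([i]) * 8 for i in range(5)]))
    print("fixed build distinct outputs for 10 pids x 5 seed files:",
          distinct_outputs(True, range(1, 11), [bytes([i]) * 8 for i in range(5)]))
```

Run as a script it prints `True`, `False`, `10`, `50` in that order: on the modelled broken build the output depends on the pid alone, which is why a key generated with `-rand` on the affected library must be treated exactly like one generated without it and regenerated on a fixed build.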