"Arnold G. Reinhold" wrote:
>
> I wonder if you are confusing the length in bits of a PKC key, e.g. a
> prime factor of an RSA public key, with the entropy of that private
> key. The prime factor may be 512 bits long, but it usually does not
> have anyway near 512 bits of randomness. Usually a secret prime is
> generated by adding a 128 or 160-bit random quantity to some
> non-secret base and then selecting the next prime number. In such a
> scheme a 20 bytes (160 bits) random pool is not unreasonable for
> generating one key or a small number of keys.
In what sense is this "usual"? Who does it this way?
> On general principles I would prefer a larger pool of randomness,
> especially if it is available in the operating system, but if the 20
> bytes are truly random, I don't think you can call the keytool scheme
> insecure.
Certainly 160 bits of randomness would make it hard to crack!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
