On 29/04/16 09:24, Kurt Roeckx wrote:
On 2016-04-29 09:42, Nick Lamb wrote:

I'm sure Rob can give a more technical answer, but my understanding is
that crt.sh doesn't (and probably can't) detect that individual
certificates have enough entropy, instead it flags certificates based
on the length of the serial numbers. So it's neither sufficient nor
necessary that every certificate from an issuer should pass the test
in crt.sh, but it is very suspicious if many or all certificates from
a particular issuer fail this test.

I think it's the output of certlint that gives that.

Yes.  e.g. https://crt.sh/?cablint=38

My understanding
is that it gives that warning when the serial is not long enough.

Seems so. See https://github.com/awslabs/certlint/blob/master/lib/certlint/cablint.rb#L69

If it's 56 bit instead of 64 bit, there is only a 1/256 chance that that
certificate has 64 bit random bits.  If all certificates only have 56
bit, the chance that it has 64 unpredictable bits approaches 0 very fast.

The current BRs talk about 20 bit entropy instead. You really need to
check that over multiple certificates and can then calculate something
like the Shannon entropy or min entropy.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
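
The two points made in the thread, that serial length is not the same thing as entropy and that entropy can only be estimated across many certificates from one issuer, as an added example (not code from the thread or from certlint). The function names and the three serial sets are constructed assumptions, and the per-bit estimate treats bit positions as independent.

```python
import math
import random

def bit_entropy(serials, width=64):
    """Sum per-bit Shannon entropy and min-entropy over the low `width` bits.

    Bit positions are treated as independent, so this is a coarse screen:
    it exposes fixed prefixes and counters, not correlations between bits.
    """
    if not serials:
        raise ValueError("need at least one serial number")
    n = len(serials)
    shannon = min_entropy = 0.0
    for pos in range(width):
        p = sum((s >> pos) & 1 for s in serials) / n  # fraction of ones
        for q in (p, 1.0 - p):
            if q > 0:
                shannon -= q * math.log2(q)
        min_entropy -= math.log2(max(p, 1.0 - p))
    return shannon, min_entropy

def all_short_log2_probability(serials, width=64, short=56):
    """log2 of the chance that uniformly random `width`-bit serials ALL fit
    in `short` bits (1/256 each for 56 vs 64), or None if any is longer."""
    if any(s.bit_length() > short for s in serials):
        return None
    return -(width - short) * len(serials)

# Constructed sample data (fixed seed), not serials from real certificates.
_rng = random.Random(2016)
RANDOM64 = [_rng.getrandbits(64) for _ in range(2000)]
RANDOM56 = [_rng.getrandbits(56) for _ in range(2000)]
# Long-looking serials that are only a fixed prefix plus a counter.
COUNTER = [0x4A00000000000000 + i for i in range(1024)]

if __name__ == "__main__":
    for name, sample in (("random64", RANDOM64), ("random56", RANDOM56),
                         ("counter", COUNTER)):
        sh, me = bit_entropy(sample)
        print(f"{name}: shannon~{sh:.1f} min~{me:.1f} bits, "
              f"all-short log2 P = {all_short_log2_probability(sample)}")
```

The counter set passes a length check on every certificate yet carries only 10 bits, while the 56-bit set fails the length check on every certificate despite carrying roughly 56 bits.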
