On Fri, Apr 29, 2016 at 12:42:28AM -0700, Nick Lamb wrote: > There is an absolutely objective test, but it is negative. If anyone can > predict N-bits of your next serial number then those N-bits were by > definition predictable. To give a concrete example if you issued with 16 > digit serial numbers, but the first 8 are YYYYMMDD from the actual date, > any bad guy can predict those numbers in the next certificate, thus they > don't constitute entropy / unpredictable bits, so your serial numbers have > no more than 8 digits of entropy in this scenario.
Even more fun: what if the serial number is MD5(YYYYMMDDHHmmss)? In that case, comparing two serial numbers makes them all *look* awesomely random, until someone figures out "the secret", at which point pretty much all the bits are predictable, even though there's no "obvious" pattern from examining the serials themselves. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
