Jaime Hablutzel via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>>>Again, maths were wrong here, sorry. Correct calculation is:
>>>
>>>log2(18446744073708551615) = 63.99999999999993
>>
>>I love the way that people are calculating data on an arbitrarily-chosen value
>>pulled entirely out of thin air
>
>Can you confirm if the motivation for the "64 bits of output from a CSPRNG"
>can be found in [1]?.

I actually thought it was from "Chosen-prefix collisions for MD5 and applications" or its companion papers ("Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate", "Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities"), but it's not in any of those. Even the CCC talk slides only say "We need defense in depth -> random serial numbers" without giving a bit count.

So none of the original cryptographic analysis papers seem to give any value at all. It really does seem to be a value pulled entirely out of thin air.

Peter.