Hi Lijun,

Entropy is required in serial numbers to protect against weak hash functions -- historically exploitation of MD5's weakness was possible because CAs used sequential serial numbers, thus allowing an attacker to pre-compute hash prefixes, because they could predict future data that would be signed's prefix. The exact value of 64 comes out of a Microsoft Root Program requirement that was later incorporated into the BRs, as I recall.
Cheers,
Alex

On Fri, Apr 5, 2019 at 11:20 AM Lijun Liao via dev-security-policy <[email protected]> wrote:

> In the last days, the issue related to the 63 bit serial number by using
> the default configuration of EJBCA popped up in many forums.
>
> Could someone please explain why the BR requires the minimal entropy to be
> 64 bit?
>
> Best regards
> Lijun
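An added illustration, not part of the thread and not EJBCA's code: because an X.509 serialNumber is a positive DER INTEGER, a generator that draws 8 random bytes and clears the sign bit leaves 63 random bits, while drawing 16 bytes keeps a wide margin over 64. The function names are assumptions made for this sketch.

```python
import secrets

def der_integer(value: int) -> bytes:
    """DER-encode a positive INTEGER, the type of the X.509 serialNumber field."""
    if value <= 0:
        raise ValueError("serial numbers must be positive")
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # leading zero octet keeps the sign positive
    return bytes([0x02, len(body)]) + body  # short-form length, body < 128 octets

def serial_masked_8_bytes(rand=secrets.token_bytes) -> int:
    """8 CSPRNG bytes with the sign bit cleared: only 63 bits are random."""
    raw = bytearray(rand(8))
    raw[0] &= 0x7F
    return int.from_bytes(raw, "big")

def serial_16_bytes(rand=secrets.token_bytes) -> int:
    """16 CSPRNG bytes used whole: 128 random bits, 17 octets at most in DER."""
    while True:
        value = int.from_bytes(rand(16), "big")
        if value > 0:  # zero is not a valid serial; redraw
            return value

def random_bits_upper_bound(generator, draws=2000) -> int:
    """Largest bit length seen over many draws: an upper bound on random bits."""
    return max(generator().bit_length() for _ in range(draws))

if __name__ == "__main__":
    print("masked 8-byte draw :", random_bits_upper_bound(serial_masked_8_bytes), "bits")
    print("unmasked 16 bytes  :", random_bits_upper_bound(serial_16_bytes), "bits")
    print("DER example        :", der_integer(serial_16_bytes()).hex())
```
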

