Jean-Daniel wrote to mozilla.dev.security on 2009-01-20 10:42 PST: > Hello, I'm trying to generate a keypair using nss, but I encounter some > issue. My key generation can take up to 30 seconds on a recent machine > (Core 2 Duo 2.2 Ghz) (most generation take less the 10 seconds, and > sometimes less than 5 seconds, but even 10 seconds is more than what I > expect).
What version of NSS? What OS? Can you list the .o (or .obj) files built under nss/lib/freebl/* > Did I miss something. Is there any magic flag to improve this ? Or a > faster RSA keygen function in nss ? I have an AMD Athlon 64 running at 2.2 Ghz. I did a test generating a bunch of 2k bit RSA key pairs. I repeatedly executed the command time certutil -d DB -G -g 2048 -f pwfile -z noisefile I found that average time was 2 seconds, maximum was 17 seconds, minimum was under 1/2 second. These seem like expected/normal times to me. I'm surprised that your system is taking much longer. Generating a 2k bit RSA key requires finding two 1k bit prime numbers. At that size, prime numbers are pretty sparse and it can take a long time, sifting through lots of numbers, to find a prime that big. There is natural variability in that process because prime numbers are not uniformly distributed in the number space. But still, I don't expect your times to be a large multiple of my times, given similar CPUs and speeds. Please follow up in the mozilla.dev.tech.crypto news group. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto