On Wed, Sep 25, 2002 at 07:58:54PM +0200, Federico Sauter wrote:
>
> Hi all!!
>
> Now I've got a security question: would it be safe to generate a (very
> secret and important) symmetric key from a private RSA key? I mean
> theoretically you should not be able to reverse a hash function (in this
> case one of the EVP-family of functions for symmetric ciphers) but is it
> really safe? What do you think about it?

The best symmetric key is an unpredictable one, and the best source is a good random number generator. Yes, a hash function could make the generator output better and is often a part of it. There's no black magic in an RSA keypair; it's just another output of a random number generator, tested to fit some requirements. Yes, there should be no chance to reverse the random number generator state given some outputs. You need to determine the randomness sources available and feed them all into the generator to (re)seed it. Be creative, it's the basis for security.

good luck,
Vadim

--
Naina library: http://www.unity.net/~vf/naina_r1.tgz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
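
Added example, not part of the original thread: the two options discussed above side by side, a fresh key from the OS random number generator and a one-way derivation from existing secret material. It uses Python's standard library rather than OpenSSL's EVP API; HKDF (RFC 5869) is the derivation chosen here, not one named in the thread, and `SAMPLE_PRIVATE_KEY_DER` and the `info` labels are constructed placeholders.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def fresh_key(length: int = 32) -> bytes:
    """Preferred: an unpredictable key straight from the OS CSPRNG."""
    return secrets.token_bytes(length)


def hkdf_sha256(secret: bytes, info: bytes, length: int = 32,
                salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869): one-way derivation of a key from existing secret material."""
    if not secret:
        raise ValueError("empty input secret")
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    # Extract: concentrate the secret's entropy into a fixed-size pseudorandom key.
    prk = hmac.new(salt or b"\x00" * HASH_LEN, secret, HASH).digest()
    # Expand: stretch to the requested length, bound to the `info` label so that
    # keys derived for different purposes are unrelated to each other.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


# Constructed stand-in for the DER encoding of an RSA private key (not a real key).
SAMPLE_PRIVATE_KEY_DER = bytes(range(256)) * 4

if __name__ == "__main__":
    print("random key         :", fresh_key().hex())
    for label in (b"file-encryption v1", b"token-mac v1"):
        key = hkdf_sha256(SAMPLE_PRIVATE_KEY_DER, label)
        print(f"{label.decode():<19}:", key.hex())
```

The derived key is only as unpredictable as the private key it comes from, and anyone holding that private key can recompute it, so the two keys share one lifetime and one compromise.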