Exactly. So you need about 112 bits of "entropy" / Pass Phrase to generate a good 2048 bit key. Remember that the vast majority of 2048 bit numbers are not valid key pairs.
My question is, has this been done, or would it be easy to do given the existing structure.

Anthony

On Mon, Feb 20, 2012 at 2:49 AM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Sat, Feb 18, 2012, Edward Ned Harvey wrote:
>
> > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of anthony berglas
> > >
> > > Taking a different slant, is it possible to provide the "Entropy" using a pass
> > > phrase. So a given pass phrase will always generate the same key pair. This
> > > means that for simple applications no key store is required. Much like
> > > password based (symmetric) encryption.
> > >
> > > Any ideas as to how hard that would be to do with Open SSL? Has anyone
> > > else done it?
> >
> > You want at least 2048 bits of entropy. That's a very long passphrase.
> > Also, unless you randomly generate your passphrase in hex or binary, it's
> > bound to be a lot less than 2048 bits of entropy even if it's 2048 bits
> > long.
> >
>
> It depends on the key length and the algorithm in question. For example for an
> 2048 bit RSA key the equivalent comparable security strength is 112 bits (see
> SP800-57 et al).
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

--
Dr Anthony Berglas, anth...@berglas.org Mobile: +61 4 4838 8874
Just because it is possible to push twigs along the ground with ones nose
does not necessarily mean that that is the best way to collect firewood.