On Tue, Dec 11, 2012 at 3:27 PM, redpath <redp...@us.ibm.com> wrote:
> When using this command
>
> openssl genrsa -out test.pem 2048
>
> an RSA pair is created. It's not so much I want to know how a pair is
> randomly selected
> but how secure is that random selection. Random number generators are a
> series
> and this selection could be followed for brute force deciphering.

> Random number generators are a series

This is not invariably true, and in any case most depend for their security on the availability of a small amount of entropy for seeding - /dev/random is suitable, esp. on BSD systems that use a Yarrow-based mixer.

There are side channel attacks against RSA key generation, but guessing random numbers isn't one of them. The real question is how the probable primes are selected.

- Select an interval near the desired size
- Sieve out composites divisible by small primes
- Select two probable primes such that (p - q) is reasonably large (2^100 or so) to defeat the difference-of-squares method
- Perform enough primality tests to convince yourself they're prime ;-)
- other common criteria aren't really helpful - e.g. strong primes (they were never necessary for RSA), restrictions on p-1 and q-1 (Elliptic Curve Method factoring makes those obsolete)

I can't answer the question about genrsa, I haven't looked at the code in a very long time. But I observe that openssl is maintained by a lot of smart folks who are always responsive to reported exploits and vulnerabilities. Maybe Dr. S.H. will chime in...

- M
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
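
The selection steps listed in the reply above, written out in Python as an added example; it is not part of the original thread and is not OpenSSL's genrsa code. The function names, the small-prime bound of 2000, the 4096-wide window, the 40 Miller-Rabin rounds and the use of `secrets` as the random source are all choices made for this example.

```python
import secrets
from math import isqrt

# Primes below 2000 for the sieve; the bound is a choice made for this example.
SMALL_PRIMES = [2] + [n for n in range(3, 2000, 2)
                      if all(n % d for d in range(3, isqrt(n) + 1, 2))]

def sieve_interval(start, length):
    """Candidates in [start, start + length) with no prime factor below 2000."""
    alive = bytearray([1]) * length
    for sp in SMALL_PRIMES:
        for i in range((-start) % sp, length, sp):
            alive[i] = 0
    return [start + i for i in range(length) if alive[i]]

def is_probable_prime(n, rounds=40):
    """Miller-Rabin, random bases; a composite passes with probability <= 4**-rounds."""
    if n < 2 or any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)  # random base in [2, n - 2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, window=4096):
    """First probable prime in a sieved window at a random offset below 2**bits."""
    lo = 0b11 << (bits - 2)  # top two bits set, so p * q has exactly 2 * bits bits
    while True:
        start = lo + secrets.randbelow((1 << bits) - lo - window)
        for c in sieve_interval(start, window):
            if is_probable_prime(c):
                return c

def generate_rsa_primes(modulus_bits=2048, min_gap_bits=100):
    """Return (p, q) with |p - q| > 2**min_gap_bits (hypothetical helper)."""
    p = random_prime(modulus_bits // 2)
    while True:
        q = random_prime(modulus_bits // 2)
        if abs(p - q) > 1 << min_gap_bits:
            return p, q
```

Taking the first survivor in a window slightly favours primes that follow long gaps; it is used here to keep the example short.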