On the cablint report for the 20 bits of entropy, https://crt.sh/?cablint=38, there are 20 certificates that were listed. If this changes to 64 bits, how many more certificates will be on the list?
From: [email protected] [mailto:[email protected]] On Behalf Of Ben Wilson Sent: Monday, April 18, 2016 10:25 AM To: CABFPub <[email protected]> Subject: [cabfpub] FW: Pre-Ballot 164 - Certificate Serial Number Entropy Forwarding From: Kane York [mailto:[email protected]] Sent: Monday, April 18, 2016 10:23 AM To: Ben Wilson <[email protected] <mailto:[email protected]> >; Erwann Abalea <[email protected] <mailto:[email protected]> > Cc: [email protected] <mailto:[email protected]> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy On Fri, Apr 15, 2016 at 7:52 AM Ben Wilson <[email protected] <mailto:[email protected]> > wrote: I didn’t think it was that simple. For instance, see https://en.wikipedia.org/wiki/Password_strength From: Erwann Abalea [mailto:[email protected] <mailto:[email protected]> ] Sent: Friday, April 15, 2016 8:44 AM To: Ben Wilson <[email protected] <mailto:[email protected]> > Cc: CABFPub <[email protected] <mailto:[email protected]> > Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy Bonjour, 20 bits of entropy is the same as 20 bits unpredictable bits. Whence, 64 bits of entropy is a higher requirement than 20 bits of entropy. Cordialement, Erwann Abalea No, it definitely is that simple. I think the confusion here is the definition of "hex characters". > Our CA issues certificates with 32 hexadecimal characters for the serial > number. This is not possible - you cannot have 32 ASCII characters in the serial number. The most likely truth given that explanation is that you have 16 fully random bytes. Which would be 16 * 8 = 128 random bits, satisfying the entropy requirements. 3 fully random bytes would satisfy the 20-bit requirement. 6 fully random hexadecimal ASCII characters encoded in the serial number would satisfy the 20-bit requirement. 8 fully random bytes is required to satisfy the 64-bit requirement. 16 bytes with 4 bits of entropy each, which ASCII-encoded hexadecimal would be, would satisfy the entropy requirement and leave you 3.875 bytes left over for other information. Le 15 avr. 2016 à 16:32, Ben Wilson <[email protected] <mailto:[email protected]> > a écrit : Forwarding From: Man Ho (Certizen) [ <mailto:[email protected]> mailto:[email protected]] Sent: Thursday, April 14, 2016 7:51 PM To: Ben Wilson < <mailto:[email protected]> [email protected]>; Ryan Sleevi < <mailto:[email protected]> [email protected]> Cc: <mailto:[email protected]> [email protected] Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy Ben, We had already changed our system to issue SSL certificates with 20 hexadecimal characters of at least 20-bit of entropy since 2014. I'm just wondering why the requirement is changed from "bits of entropy" to "unpredictable bits", which I don't understand the conversion (like "cm" to "inch" :). I don't know whether our software vendor understands it. Man On 4/15/2016 4:24 AM, Ben Wilson wrote: You’re right, given a randomly generated 20-byte serial number, you have 159 unpredictable bits. From: Ryan Sleevi [ <mailto:[email protected]> mailto:[email protected]] Sent: Thursday, April 14, 2016 2:03 PM To: Ben Wilson <mailto:[email protected]> <[email protected]> Cc: Man Ho (Certizen) <mailto:[email protected]> <[email protected]>; <mailto:[email protected]> [email protected] Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy Ben: Are you sure your math is correct? A serial number is 20 bytes, with the high bit needing to be 1 (for the encoding of positive INTEGERS within DER). This leaves 159 bits for entropy. So you certainly can't have more unpredictable bits than that :) On Thu, Apr 14, 2016 at 12:59 PM, Ben Wilson < <mailto:[email protected]> [email protected]> wrote: Man, Have you had a chance to do further research on the capabilities of your system? Our CA issues certificates with 32 hexadecimal characters for the serial number. There are 4 bits of entropy for each hexadecimal character. Therefore, our serial numbers have 128 bits of entropy and 16*32= 512 unpredictable bits. An 8-hexadecimal character serial number would have 32 bits of entropy and 128 unpredictable bits. A 20-bit entropy would be equal to 5 hexadecimal characters, or 80 unpredictable bits, so this seems like this is a downgrade to go to 64 unpredictable bits. Am I right? Ben From: Man Ho (Certizen) [mailto: <mailto:[email protected]> [email protected]] Sent: Wednesday, March 23, 2016 12:27 AM To: Ben Wilson < <mailto:[email protected]> [email protected]>; <mailto:[email protected]> [email protected] Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy Hi all, Is the meaning of "at least 64 unpredictable bits" setting the same or a higher requirement than "at least 20 bits of entropy" ? I'm not quite sure whether our certificate generation software has this setting in itself. Cheers Man On 3/1/2016 12:21 AM, Ben Wilson wrote: REPLACE "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy" WITH "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that contains at least 64 unpredictable bits." _______________________________________________ Public mailing list <mailto:[email protected]> [email protected] <https://cabforum.org/mailman/listinfo/public> https://cabforum.org/mailman/listinfo/public _______________________________________________ Public mailing list <mailto:[email protected]> [email protected] <https://cabforum.org/mailman/listinfo/public> https://cabforum.org/mailman/listinfo/public _______________________________________________ Public mailing list [email protected] <mailto:[email protected]> https://cabforum.org/mailman/listinfo/public
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
