[openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK
Marian Beermann
public at enkore.de
Wed May 23 18:47:41 UTC 2018
On 23.05.2018 20:39, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of redpath
>> Sent: Wednesday, May 23, 2018 13:08
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure
>> Randomness of PK
>>
>> SO if I add this RAND usage below, em I seeding to assure a different RSA key
>> pair each time run of creating a RSA pair.
>
> You'll get a *different* key pair (with high probability) each time, provided you wait at least a second between generating keys. That is, if you get anything at all; you may not, if there isn't enough entropy in the pool.
>
> You'll also get completely pointless keys, because the wall-clock time contains little entropy.
>
> As Viktor wrote: DO NOT DO THIS. If you don't understand why, stop trying to use cryptography until you've learned enough about the subject to be a bit less dangerous.
>
... if this is code going in the general direction of "production
deployment", then get a crypto-person on board, or at least get them to
review and sign off the code. Otherwise this *will* end in a debacle.
-Marian
More information about the openssl-users
mailing list