[openssl-users] Clearing up some of my mistakes on serial number

Robert Moskowitz rgm at htt-consult.com
Sun Aug 20 12:35:43 UTC 2017

It is 64 - 160 BITS

Which is 8 - 20 OCTETS

or 4 - 10 BYTES


openssl rand -hex n

Generates n BYTES

Thus what openssl does by default for a self-signed cert, e.g. a root CA 
cert of a serial of 8 BYTES is indeed Best Practice, given that if the 
first bit were ONE, the serial would then be 8 BYTES.

I had to slow down, take a step away, to see that I was tripping my self 
up on the OCTET/BYTE bit.

So I am correcting my guide to use

openssl rand -hex 8

And the probability of a collision is just not worth talking  about.

in a population of 2^64, 1 million random selections has a 2.7E-6 % 
collision probability.

You go up to 1 billion and the probability does drop to 2.7%.

In a population of 2^159, you have to select 10^18 to get a collision 
probability of 6.8E11 %; just not worth dealing with.

So randomly selecting serial numbers will unlikely result in collisions 
if you are doing this for you IoT run of 10 million per year, using an 8 
BYTE serial number.

And since we are using SHA256 with ECDSA, the known attacks are just not 
real.  Yet.

So in my highly biased opinion....

If you have the memory and bandwidth, go ahead with 8 bytes for serial.

In constrained IoT, 4 bytes works.

Also going to next look at BER over DER for IoT usage.

BTW the above calculations are based on:

p = 1 - e^{-k^2/(2n)}

Where n = total population and k is selected subset.


More information about the openssl-users mailing list