[Pkg-openssl-devel] bad debian openssl and -rand option

emaxx-debian emaxx-debian at davex.nl
Wed May 21 09:42:12 UTC 2008


emaxx-debian wrote on 16-5-2008 11:48:
> Hi,
>
> I'm not sure this is the right place for my question, but I guess you 
> will tell me if not.
>
> I have some SSL keys and certificates that were generated by the bad 
> openssl library under Debian Etch. Before the DSA was out, I already 
> hoped to add extra randomness by using the '-rand' command line option:
>
>     openssl genrsa -des3 -rand random.dat -out ${HOSTNAME}.pem 1024
>
> random.dat (about 2.5 megabytes) was created on the fly with:
>
>     dump -f random.dat /dev/random
>
> My questions are:
> - Are these certificates just as untrustworthy when I didn't use the 
> -rand option?
> - Does the entropy from random.dat give me enough uniqueness to keep on 
> using these certificates (they are used for a public governmental website)?
>
> Thanks!
>
> Regards,
>
> Vince.

Since I didn't get any response to my question above, can somebody 
please tell me if this is the right place to ask my questions about the 
openssl debian package?

Since some SSL keys generated by me could be in danger, I would really like an 
answer or a pointer where to ask my question.

Regards,

Vince.



