[Pkg-openssl-devel] Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation
Joey Hess
joeyh at debian.org
Wed Mar 19 23:25:23 UTC 2014
Thorsten Glaser wrote:
> >ENTROPY_NEEDED is hardcoded to 32.
>
> Is that OpenSSL/Debian, OpenSSL/GNU/Linux, or OpenSSL in general,
> by the way? (While I’m not unfamiliar with the codebase, the one
> I’m using on BSD differs.)
It's like that in the upstream tarball AFAICS.
BTW, openssl(1) can be used to generate larger keys, so there must be
sizes of keys where the 32 bytes is not enough entropy. Whether it makes
any sense to make such a large key I don't know[1]. openssl(1) is
certianly not doing anything to prevent foot-shooting here.
--
see shy jo
[1] Though at least making a larger than default size gpg key has been a
good choice over the past 10-15 years in hindsight.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20140319/c6359824/attachment.sig>
More information about the Pkg-openssl-devel
mailing list