[Pkg-openssl-devel] Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation

Thorsten Glaser tg at mirbsd.de
Wed Mar 19 19:48:48 UTC 2014


Florian Weimer dixit:

>> I’d expect OpenSSL to use more than *at best* 256 bits of
>> entropy for generating a key of 4096 bits length.
>
>Thorsten, I think you could report this as a public bug.

Okay.

>Historically, the OpenSSL command line tools have been intended for
>debugging only.

I disagree, in the case of genrsa and friends anyway.
Also, what do other tools (that do not invoke openssl(1)
unlike most of these I saw, which were shell wrappers
around it) do, entropy-wise?

GnuPG 1.x DTRT and eats about 4.7 kbit of entropy.

bye,
//mirabilos
-- 
<mirabilos> Owāte Jong… isch owāte disch gleisch…
<Natureshadow> Ich kenn nur Oblate
<mirabilos> Lernenz Platt
<Natureshadow> Ich bin zu dick für Platt



More information about the Pkg-openssl-devel mailing list