[Pkg-openssl-devel] Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation
Thorsten Glaser
tg at mirbsd.de
Wed Mar 19 19:48:48 UTC 2014
Florian Weimer dixit:
>> I’d expect OpenSSL to use more than *at best* 256 bits of
>> entropy for generating a key of 4096 bits length.
>
>Thorsten, I think you could report this as a public bug.
Okay.
>Historically, the OpenSSL command line tools have been intended for
>debugging only.
I disagree, in the case of genrsa and friends anyway.
Also, what do other tools (that do not invoke openssl(1)
unlike most of these I saw, which were shell wrappers
around it) do, entropy-wise?
GnuPG 1.x DTRT and eats about 4.7 kbit of entropy.
bye,
//mirabilos
--
<mirabilos> Owāte Jong… isch owāte disch gleisch…
<Natureshadow> Ich kenn nur Oblate
<mirabilos> Lernenz Platt
<Natureshadow> Ich bin zu dick für Platt
More information about the Pkg-openssl-devel
mailing list