On Tue, Dec 11, 2012 at 3:27 PM, redpath <

[hidden email]> wrote:

> When using this command

>

> openssl genrsa -out test.pem 2048

>

> an RSA pair is created. Its not so much I want to know how a pair is

> randomly selected

> but how secure is that random selection. Random number generators are a

> series

> and this selection could be followed for brute force deciphering.

> Random number generators are a series

This is not invariably true, and in any case most depend for their

security on the availability of a small amount of entropy for seeding

- /dev/random is suitable, esp. on BSD systems that use a Yarrow-based

mixer.

There are side channel attacks against RSA key generation, but

guessing random numbers isn't one of them.

The real question is how the probable primes are selected.

- Select an interval near the desired size

- Sieve out composites divisible by small primes

- Select two probable primes such that (p - q) is reasonably large

(2^100 or so) to defeat the difference-of-squares method

- Perform enough primality tests to convince yourself they're prime ;-)

- other common criteria aren't really helpful - e.g. strong primes

(they were never necessary for RSA), restrictions on p-1 and q-1

(Elliptic Curve Method factoring makes those obsolete)

I can't answer the question about genrsa, I haven't looked at the code

in a very long time. But I observe that openssl is maintained by a

lot of smart folks who are always responsive to reported exploits and

vulnerabilities.

Maybe Dr. S.H. will chime in...

- M

______________________________________________________________________

OpenSSL Project

http://www.openssl.orgUser Support Mailing List

[hidden email]
Automated List Manager

[hidden email]