[guardian-dev] using /dev/random in openssl
ShootAKite at riseup.net
ShootAKite at riseup.net
Thu Mar 27 23:39:06 EDT 2014
To get good entropy install OpenBSD[1] on a VM with network adapter
permanently disabled and use /dev/arandom. If possible use a PEM pass
phrase so you have the countermeasure of "forgetting the password" if
under a lavabit attack. RSA 2048 bit theretically will require quantum
computers to crack unless someone comes up with more efficient math to
crack the RSA algorithm.
A
[1] http://www.openbsd.org/ftp.html#mirrors
On 03/27/2014 08:11 PM, Hans-Christoph Steiner wrote:
> Anyone have any opinions about generating keys with openssl using /dev/random
> on GNU/Linux? i.e.
>
> openssl genrsa -out key.pem -rand /dev/random 2048
>
> I figure there had been many flaws related to poorly seeded and implemented
> CSPRNGs that might as well just use pure random. Sure, it takes a lot longer,
> but its only once.
>
> .hc
More information about the Guardian-dev
mailing list