Q: Where do I get random numbers for my certificate keypair?

== Random numbers in Commercial-Off-The-Shelf (COTS) products ==

Cryptographic research on random number sources concentrates on the technical sources behind the scenes; little research has been done on the randomness of the ready-to-use products that are widely used in practice. In our opinion it does not make much sense for a CA to demand that its users use good random numbers for their keypairs without giving any hint where they could get them, or where they definitely cannot get them.

This is the list of FIPS-certified random number generators:

http://csrc.nist.gov/cryptval/rng/rngval.html

http://csrc.nist.gov/rng/SP800-22b.pdf

||Product||Vendor||Status||
||OpenSSL||OpenSSL||http://www2.futureware.at/~philipp/RNGQA-light.tar.bz2||
||IE||Microsoft|| ||
||PGP||PGP Corporation||PGP 5.? had a flaw, newer versions should be ok||
||Navigator||Netscape||older versions (which?) had a flaw||
||Firefox||Mozilla|| ||

== How can I test the random numbers behind a certificate? ==

Since the random numbers are used for the private key (p and q of RSA), they do not go into the public key, which is the part that appears in a certificate request. So the CA does not see the random numbers and therefore cannot verify their quality directly. What the CA can do is look for the symptoms of a bad generator, such as the same keypair turning up more than once.

 * One possibility would be to save all public keys, associate a pseudonym of the identity with each, store the information about the software that was used, and give an alert for every matching public key that is sent from a different identity. (Renewal of a certificate from the same identity, or other certificates from the same identity that intentionally use the same keypair, should not give an alert.)
 * The CA could try to automate the COTS software to generate keypairs, request, receive and back up the certificates together with the private keys. Afterwards the PKCS#12 backups could be unpacked, the private key extracted, p and q extracted, the random parts of p and q extracted, and all the random parts of all the automatically generated certificates put together and statistically analyzed. http://www2.futureware.at/~philipp/RNGQA-light.tar.bz2 It is not yet clear whether that method will work; any feedback is highly appreciated!

== Where can I get random number generators? ==

[[http://sig.cacert.at/cgi-bin/rngresults]]

== Where can I test my own random numbers? ==

[[http://sig.cacert.at/random/]]

== Requirements for a random number generator ==

https://financialcryptography.com/requirements/qdrng.html

== Links ==

||<50%> http://www.cypherpunks.to/~peter/06_random.pdf || Secure programming, chapter about random numbers. Also includes good historical examples of mistakes that were made ||
|| http://en.wikipedia.org/wiki/Randomness || Wikipedia on randomness ||
|| http://www.cs.berkeley.edu/~daw/rnd/ || Good links ||
|| http://www.intel.com/design/chipsets/manuals/298029.htm || Intel documentation ||

----
. CategoryNewRootsTaskForce
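The first proposal under "How can I test the random numbers behind a certificate?" (save every public key under a pseudonym, remember the software that produced it, alert when the same key arrives from a different identity, but not on renewal) can be sketched as a small registry. This is an added example, not code from this wiki or from CAcert: it assumes the CA already has the DER-encoded public key bytes out of the certificate request, identifies the key by its SHA-256 fingerprint, and uses constructed sample submissions in place of real requests.

```python
import hashlib
from collections import defaultdict


def fingerprint(public_key_der: bytes) -> str:
    """SHA-256 fingerprint of the DER-encoded public key (assumption: the caller
    has already pulled those bytes out of the certificate request)."""
    return hashlib.sha256(public_key_der).hexdigest()


class PublicKeyRegistry:
    """Hypothetical registry: fingerprint -> pseudonyms and software seen with that key.

    Pseudonyms stand in for the real identities so the registry itself does not
    reveal who holds which key."""

    def __init__(self):
        self._pseudonyms = defaultdict(set)   # fingerprint -> {pseudonym, ...}
        self._software = defaultdict(set)     # fingerprint -> {software, ...}

    def register(self, public_key_der: bytes, pseudonym: str, software: str):
        """Record one request and return a list of alert strings.

        The same key from the same pseudonym (renewal, intentional reuse) is not
        reported. The same key from a different pseudonym is reported together with
        the software involved, because a generator that repeats keypairs is the
        usual explanation."""
        fp = fingerprint(public_key_der)
        alerts = []
        others = self._pseudonyms[fp] - {pseudonym}
        if others:
            alerts.append(
                f"public key {fp[:16]}... submitted by {pseudonym} ({software}) "
                f"was already submitted by {sorted(others)} "
                f"using {sorted(self._software[fp])}"
            )
        self._pseudonyms[fp].add(pseudonym)
        self._software[fp].add(software)
        return alerts

    def shared_keys(self):
        """All fingerprints seen from more than one pseudonym, with the pseudonyms
        and the software products involved, for a periodic review."""
        return {
            fp: (sorted(names), sorted(self._software[fp]))
            for fp, names in self._pseudonyms.items()
            if len(names) > 1
        }


if __name__ == "__main__":
    # Constructed sample submissions; the key bytes are placeholders, not real keys.
    registry = PublicKeyRegistry()
    print(registry.register(b"constructed-key-A", "user-0001", "BrowserX 1.0"))  # []
    print(registry.register(b"constructed-key-A", "user-0001", "BrowserX 1.0"))  # renewal: []
    print(registry.register(b"constructed-key-A", "user-0002", "MailerY 2.3"))   # alert
    print(registry.shared_keys())
```

A real deployment would key the registry on the fingerprint of the SubjectPublicKeyInfo taken from the parsed request, and would be run over the CA's historical database as well as live requests, since a bad generator in a widely used product shows up as many identities sharing a handful of keys.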
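The second proposal (collect the random parts of p and q from many automatically generated keypairs and analyze them statistically) and the "Where can I test my own random numbers?" section both come down to running statistical tests on a bit stream. As an added example, not the page's tool and not the code behind sig.cacert.at, here is the first test of the SP 800-22 suite linked above, the frequency (monobit) test, applied to a bit string. The `strip_fixed_bits` helper is an assumption about how the "random part" of a prime is obtained: typical generators force the top two bits and the lowest bit of p and q, so those are dropped before the remaining bits are fed to the test; the prime search itself may also have altered low bits, which is one reason the wiki says it is unclear whether the method works. The 100-bit sample is the worked example from SP 800-22 section 2.1.

```python
import math


def bits_from_bytes(data: bytes):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def bits_from_string(s: str):
    """Parse a string of '0'/'1' characters into a list of ints."""
    return [int(c) for c in s]


def strip_fixed_bits(prime: int, nbits: int):
    """Assumption: the generator fixed the top two bits and the low bit of the prime.
    Return the remaining (candidate random) bits as a list of ints."""
    bits = [(prime >> i) & 1 for i in range(nbits - 1, -1, -1)]
    return bits[2:-1]


def monobit_test(bits, alpha=0.01):
    """SP 800-22 section 2.1 frequency (monobit) test.

    Each bit is mapped to +1/-1 and summed; s_obs = |S_n| / sqrt(n) and
    p = erfc(s_obs / sqrt(2)). Returns (p_value, passed); the sequence is
    rejected as non-random when p < alpha."""
    n = 0
    s = 0
    for b in bits:
        s += 1 if b else -1
        n += 1
    if n == 0:
        raise ValueError("empty input")
    s_obs = abs(s) / math.sqrt(n)
    p_value = math.erfc(s_obs / math.sqrt(2))
    return p_value, p_value >= alpha


# The example input from SP 800-22 section 2.1.8 (100 bits, S_n = -16, p = 0.109599).
NIST_EXAMPLE = (
    "11001001000011111101101010100010001000010110100011"
    "00001000110100110001001100011001100010100010111000"
)


if __name__ == "__main__":
    print(monobit_test(bits_from_string(NIST_EXAMPLE)))        # (0.1096..., True)
    print(monobit_test(bits_from_bytes(b"\x00" * 64)))        # all zeros: p ~ 0, False
    # Constructed 16-bit "prime" 0b1101000000000001: drop the two high bits and the low bit.
    print(strip_fixed_bits(0b1101000000000001, 16))
```

The monobit test is only a sanity check: a stream that fails it is certainly bad, but passing says little, so the remaining SP 800-22 tests (runs, block frequency, and so on) would be run over the same pooled bits.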