From: Ken G. <kgu...@te...> - 2004-06-06 20:13:11
On Sunday 06 June 2004 01:10 pm, Tomas Gustavsson wrote:
> It might have something to do with the crypto-package we're using,
> BouncyCastle. I'll forward the message to their mailing list to get
> an answer. 4096 bits should take quite a bit longer than 2048. How
> long does it take for OpenSSL?
>
> Cheers,
> Tomas

I) OpenSSL

2.8 GHz Xeon- FreeBSD 4.9-RELEASE-p5

1- 30 sec.
2- 60 sec.
3- 70 sec.

Ran more tests on PIII-700- FreeBSD 5.2.1-RELEASE-p8

1- 30 sec
2- 2 min
3- 2 min
4- 15 sec

Between test 3 & 4 I "seeded" /dev/random with a lot of keyboard
activity, multiple logins, a find running on one, top on another,
reading obscure man pages on another. So the nic was busy shuttling
packets to all the logins. I also pointed a ping at it.

PII Xeon machine is FBSD-4.9 and apparently not tuned to collect the
entropy, and I couldn't get 15 sec result playing the same games I did
prior to test 4 on PIII machine.

I wonder if this may have something to do with the "quality" of
randomness in /dev/random degrading after creating multiple keys and
then it needs to "wait" to collect sufficient amount to generate the
next set??

On PIII machine:

rootshell# sysctl kern.random
kern.random.sys.seeded: 1
kern.random.sys.harvest.ethernet: 1
kern.random.sys.harvest.point_to_point: 1
kern.random.sys.harvest.interrupt: 1
kern.random.sys.harvest.swi: 0
kern.random.yarrow.gengateinterval: 10
kern.random.yarrow.bins: 10
kern.random.yarrow.fastthresh: 192
kern.random.yarrow.slowthresh: 256
kern.random.yarrow.slowoverthresh: 2

man 4 random points me at <http://www.schneier.com/yarrow.html> for more
info on yarrow controls...

Xeon machine doesn't sport those knobs...

II) Ejbca

Xeon machine

1- 4096 bit self signed root ca- 3 min. 35 sec.
2- 4096 bit sub ca signed by #1, about the same.

--
Best regards,

Ken Gunderson
GPG Key-- 9F5179FD

"Freedom begins between the ears." -- Edward Abbey