Menu
▾
▴
Re: [Ejbca-develop] More on 4096 bit keys
|
From: Tomas G. <to...@pr...> - 2004-06-07 08:14:14
|
Generation of RSA keys is also a bit 'luck'-dependent. Since the generator tries to find a large prime number by testing, it depends some on how 'lucky' the generator is in guessing primes. Ken Gunderson wrote: >On Monday 07 June 2004 01:33 am, Tomas Gustavsson wrote: > > >>In the released 3.0 there is a JBoss tuning that is supposed to >>increase timeout. It probably only works on versions > 3.2.4 though. >>The problem with command-line is Sun-Java related though. >> >> >> >>>openssl genrsa -des3 -out ca.key 4096 >>> >>> >>Did you use different keysize in 1, 2, 3 and 4? >> >> > >No. Same command each time. See man 4 random regarding collection of >"environmental noise" and creation of "entropy pool". Per >$JAVA_HOME/jre/lib/security/java.security, Java is using /dev/random as >source of seed data. At least on my FreeBSD boxes. > >My suspicion is that the different times may relate to the quality of >the entopy pool, although I admit to not having read the entire man >page (yet, anyways....), so could be completely ou tin left field on >this one... > > > |
