Q: Where do I get random numbers for my certificate keypair?

== Random numbers in Common-Off-The-Shelf products ==

Cryptographic research on random number sources concentrates on the generators working behind the scenes; little research has been done on the actual randomness delivered by the ready-to-use products that are widely used in practice.

In our opinion it makes little sense for a CA to demand that its users use good random numbers for their keypairs without giving any hint where they can get them, or where they definitely cannot.

This is NIST's list of FIPS-validated random number generators, followed by the NIST statistical test suite (SP 800-22) that is used to assess RNG output:
http://csrc.nist.gov/cryptval/rng/rngval.html
http://csrc.nist.gov/rng/SP800-22b.pdf

||Product||Vendor||Status||
||OpenSSL||OpenSSL||http://www2.futureware.at/~philipp/RNGQA-light.tar.bz2||
||IE||Microsoft|| ||
||PGP||PGP Corporation||PGP 5.? had a flaw, newer versions should be ok||
||Navigator||Netscape||older versions (which?) had a flaw||
||Firefox||Mozilla|| ||


== How can I test the random numbers behind a certificate? ==

The random numbers feed the private key (the primes p and q of RSA); only their product n ends up in the public key that is part of a certificate request. The CA therefore never sees the random numbers themselves and cannot verify their quality directly; it can only look for symptoms of a bad generator in the public keys it receives.

 * One possibility is to save all public keys, associate a pseudonym of the submitting identity with each, record which software was used, and raise an alert whenever the same public key is sent by a different identity. (Renewal of a certificate by the same identity, or other certificates from the same identity that intentionally reuse the keypair, should not raise an alert.) 

 * The CA could automate the COTS software so that it generates keypairs, requests and receives the certificates, and backs them up together with the private keys. The PKCS#12 backups can then be unpacked, the private key extracted, p and q extracted from it, the random parts of p and q isolated (the bits a prime generator forces, typically the top bits and the low bit, must be dropped first or they bias every test), and the random parts of all automatically generated keys pooled and analysed statistically.

http://www2.futureware.at/~philipp/RNGQA-light.tar.bz2

It is not yet clear whether this method will work; any feedback is highly appreciated!
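The two approaches above, worked through in code. This is an added example written for this page; it is not code from the page, from CAcert, or from the RNGQA-light tool. Part 1 uses only what a CA sees in a request (the modulus n) and generalises the "same public key from a different identity" alert to the related symptom of two moduli sharing a prime factor, which a healthy generator essentially never produces. Part 2 assumes the CA has already recovered p and q from its own PKCS#12 backups, drops the forced bits (this example assumes the generator sets the top two bits and the low bit, as OpenSSL's prime search does; adjust for other products), and runs the SP 800-22 frequency (monobit) test on the pooled remainder. All keys are constructed toy values built from small primes with a seeded generator, not real certificates.

```python
"""Two checks a CA can run on RSA keys, as discussed above.

Added example for this page, not the page's own code and not the RNGQA-light
tool.  Part 1 needs only public moduli (all a CA sees in a CSR); Part 2 assumes
the CA has recovered p and q from its own PKCS#12 backups.  All key material is
constructed toy data (small primes from a seeded RNG), never real certificates.
"""
from collections import defaultdict
from itertools import combinations
from math import erfc, gcd, sqrt
import random

# ---- Part 1: checks on public keys only --------------------------------

def duplicate_moduli(submissions):
    """submissions: iterable of (pseudonym, modulus).
    Returns {modulus: {pseudonyms}} for every modulus submitted by more than
    one distinct identity.  Renewals by the same identity share a pseudonym
    and therefore do not alert."""
    seen = defaultdict(set)
    for who, n in submissions:
        seen[n].add(who)
    return {n: ids for n, ids in seen.items() if len(ids) > 1}

def shared_factors(moduli):
    """Pairwise gcd over the distinct moduli.  A gcd > 1 means two keys share a
    prime, i.e. the generator repeated itself.  Returns [(n1, n2, factor)]."""
    hits = []
    for a, b in combinations(sorted(set(moduli)), 2):
        g = gcd(a, b)
        if g > 1:
            hits.append((a, b, g))
    return hits

# ---- Part 2: statistics on p and q recovered from private keys ---------

def random_bits_of_prime(p, bits):
    """Return the bits of p that came from the RNG, LSB first.
    Assumption: the generator forced the top two bits to 1 (so n has full
    length) and the low bit to 1 (odd), as OpenSSL does; those fixed bits
    would bias any statistical test, so they are dropped here."""
    if p.bit_length() != bits or not p & 1 or (p >> (bits - 2)) != 0b11:
        raise ValueError("prime does not have the expected forced bits")
    body = (p >> 1) & ((1 << (bits - 3)) - 1)      # drop low bit and top two
    return [(body >> i) & 1 for i in range(bits - 3)]

def monobit_p_value(bit_seq):
    """NIST SP 800-22 frequency (monobit) test: p < 0.01 means the sequence
    is judged non-random at the 1% level."""
    n = len(bit_seq)
    s_obs = abs(sum(2 * b - 1 for b in bit_seq)) / sqrt(n)
    return erfc(s_obs / sqrt(2))

def analyse_primes(primes, bits):
    """Pool the random parts of many p/q values and test them together."""
    pooled = [b for p in primes for b in random_bits_of_prime(p, bits)]
    return monobit_p_value(pooled)

# ---- constructed sample data (toy keys, not a real key generator) -------

def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin; only used here to build the toy keys for the demo."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_prime(rng, bits):
    """Prime with the top two bits and the low bit set, like OpenSSL's candidates."""
    while True:
        c = rng.getrandbits(bits) | (0b11 << (bits - 2)) | 1
        if _is_probable_prime(c, rng):
            return c

def demo():
    rng = random.Random(20070101)          # seeded so the toy data is repeatable
    bits = 64
    primes = [toy_prime(rng, bits) for _ in range(21)]
    # Part 1 input: ten healthy keys, one key that re-uses primes[0] (weak RNG),
    # and one identity (user42) that submitted user3's modulus.
    moduli = [primes[i] * primes[i + 10] for i in range(10)]
    weak = primes[0] * primes[20]
    subs = [(f"user{i}", n) for i, n in enumerate(moduli)]
    subs += [("user99", weak), ("user42", moduli[3]), ("user3", moduli[3])]
    dupes = duplicate_moduli(subs)
    shared = shared_factors([n for _, n in subs])
    # Part 2 input: all 21 primes, as if extracted from PKCS#12 backups.
    p_value = analyse_primes(primes, bits)
    return dupes, shared, p_value

if __name__ == "__main__":
    dupes, shared, p = demo()
    print("moduli submitted by several identities:", dupes)
    print("keys sharing a prime factor:", shared)
    print("monobit p-value of pooled prime bits:", p)
```

Pairwise gcd is quadratic in the number of keys; for a real CA database the same check is done with a batch-GCD product tree, but the signal is identical. The monobit test is only the first of the SP 800-22 tests, and a pass says nothing about the unpredictability of the generator; it merely catches the grossly broken ones, which is the purpose of the survey above.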

== Where can I get random number generators? ==

[[http://sig.cacert.at/cgi-bin/rngresults]]

== Where can I test my own random numbers? ==

[[http://sig.cacert.at/random/]]

== Requirements for a random number generator ==

https://financialcryptography.com/requirements/qdrng.html

== Links ==

||<50%> http://www.cypherpunks.to/~peter/06_random.pdf || Secure programming, chapter about random numbers. Also includes good historical examples of mistakes that were made ||
|| http://en.wikipedia.org/wiki/Randomness || Wikipedia on Randomness ||
|| http://www.cs.berkeley.edu/~daw/rnd/ || Good links ||
|| http://www.intel.com/design/chipsets/manuals/298029.htm || Intel documentation ||

----
 . CategoryNewRootsTaskForce