Q: Where do I get random numbers for my certificate keypair?
Random numbers in Common-Off-The-Shelf products
Cryptographic research on random number sources concentrates on the technical sources behind the scenes, but little research has been done on the randomness of the ready-to-use products that are widely used in practice.
In our opinion it does not make much sense for a CA to demand that its users use good random numbers for their keypairs without giving any hint where they could get them, or where they definitely can't get them.
This is the list of FIPS certified random number generators: http://csrc.nist.gov/cryptval/rng/rngval.html http://csrc.nist.gov/rng/SP800-22b.pdf
Product | Vendor | Status
OpenSSL | OpenSSL |
IE | Microsoft |
PGP | PGP Corporation | PGP 5.? had a flaw, newer versions should be ok
Navigator | Netscape | older versions (which?) had a flaw
Firefox | Mozilla |
How can I test the random numbers behind a certificate?
Since the random numbers are used for the private key (p and q of RSA), they do not go into the public key, which is the part contained in a certificate request. So the CA does not see the random numbers and therefore cannot verify their quality directly.
- One possibility would be to save all public keys, associate a pseudonym of the identity with each one, store which software was used, and raise an alert for every matching public key that is sent from a different identity. (Renewal of a certificate by the same identity, or other certificates from the same identity that intentionally use the same keypair, should not raise an alert.)
- The CA could try to automate the COTS software to generate keypairs, request, receive and back up the certificates together with the private keys. Afterwards the PKCS#12 backups could be unpacked, the private key extracted, p and q extracted, the random parts of p and q extracted, and the random parts of all the automatically generated keys put together and statistically analyzed.
http://www2.futureware.at/~philipp/RNGQA-light.tar.bz2
It is not yet clear whether that method will work; any feedback is highly appreciated!
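The duplicate-key check from the first approach above (store every public key with a pseudonym and the reporting software, alert when the same key arrives from a different identity, stay silent on renewals by the same identity), written out as an added example; this is not code from the page or from any CA. It assumes RSA keys identified by their modulus and uses constructed sample submissions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Submission:
    identity: str     # pseudonym of the requesting identity, never the real name
    software: str     # client software reported for the request
    modulus_hex: str  # RSA modulus n taken from the CSR's public key, hex encoded


def key_id(modulus_hex: str) -> str:
    """Stable identifier for a public key: SHA-256 over the normalised modulus.
    Indexing on the modulus catches keys that share p and q even if e differs."""
    return hashlib.sha256(bytes.fromhex(modulus_hex.lower())).hexdigest()


def shared_key_alerts(submissions):
    """Return one alert per public key submitted by more than one identity.
    Renewals or intentional reuse by the same identity produce no alert."""
    by_key = defaultdict(list)
    for s in submissions:
        by_key[key_id(s.modulus_hex)].append(s)
    alerts = []
    for kid, group in by_key.items():
        identities = sorted({s.identity for s in group})
        if len(identities) > 1:
            alerts.append({
                "key_id": kid,
                "identities": identities,
                "software": sorted({s.software for s in group}),
            })
    return alerts


# Constructed sample data (assumption, not real CSRs): moduli are shortened for
# readability, real ones are 1024 bits or more. Key c0ffee0001 is renewed by the
# same identity; key deadbeef02 appears under two unrelated pseudonyms, which is
# exactly the case the check should flag.
SAMPLE = [
    Submission("user-0001", "OpenSSL", "c0ffee0001"),
    Submission("user-0001", "OpenSSL", "C0FFEE0001"),   # renewal, same identity
    Submission("user-0002", "Firefox", "deadbeef02"),
    Submission("user-0003", "Firefox", "deadbeef02"),   # same key, other identity
    Submission("user-0004", "IE", "0badf00d03"),
]

if __name__ == "__main__":
    for alert in shared_key_alerts(SAMPLE):
        print(alert)
```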
Where can I get random number generators?
http://sig.cacert.at/cgi-bin/rngresults
Where can I test my own random numbers?
Requirements for a random number generator
https://financialcryptography.com/requirements/qdrng.html
Links
- Secure programming, chapter about random numbers. Also includes good historical examples of mistakes that were made
- Wikipedia on Randomness
- Good links
- Intel documentation