[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Ben Wilson ben.wilson at digicert.com
Thu Apr 14 20:24:04 UTC 2016

You’re right, given a randomly generated 20-byte serial number, you have 159 unpredictable bits.   


From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Thursday, April 14, 2016 2:03 PM
To: Ben Wilson <ben.wilson at digicert.com>
Cc: Man Ho (Certizen) <manho at certizen.com>; public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy




Are you sure your math is correct? A serial number is 20 bytes, with the high bit needing to be 1 (for the encoding of positive INTEGERS within DER). This leaves 159 bits for entropy. So you certainly can't have more unpredictable bits than that :)


On Thu, Apr 14, 2016 at 12:59 PM, Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> > wrote:


Have you had a chance to do  further research on the capabilities of your system?   Our CA issues certificates with 32 hexadecimal characters for the serial number.  There are 4 bits of entropy for each hexadecimal character.  Therefore, our serial numbers have 128 bits of entropy and 16*32= 512 unpredictable bits.  An 8-hexadecimal character serial number would have 32 bits of entropy and 128 unpredictable bits.  A 20-bit entropy would be equal to 5 hexadecimal characters, or 80 unpredictable bits, so this seems like this is a downgrade to go to 64 unpredictable bits.  Am I right?



From: Man Ho (Certizen) [mailto: <mailto:manho at certizen.com> manho at certizen.com] 
Sent: Wednesday, March 23, 2016 12:27 AM
To: Ben Wilson < <mailto:ben.wilson at digicert.com> ben.wilson at digicert.com>;  <mailto:public at cabforum.org> public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy


Hi all,

Is the meaning of "at least 64 unpredictable bits" setting the same or a higher requirement than "at least 20 bits of entropy" ? I'm not quite sure whether our certificate generation software has this setting in itself.


On 3/1/2016 12:21 AM, Ben Wilson wrote:


"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy" 


"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that contains at least 64 unpredictable bits." 


Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160414/f9dff0e4/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160414/f9dff0e4/attachment-0001.p7s>

More information about the Public mailing list