[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Andrew R. Whalley awhalley at google.com
Thu May 19 00:53:12 UTC 2016

I think it's mostly a precaution against future attacks against SHA-2.  I'd
like us to act now mainly because we're thinking about it, and I'd much
prefer to be 10 years too early...

On Thu, May 5, 2016 at 5:41 AM, Doug Beattie <doug.beattie at globalsign.com>

> What drove Ben's initial proposal and the long following debate to mandate
> at least 64 unpredictable bits?   I haven't seen any discussions of the
> issue we're solving, just technical approaches for adding randomness to the
> certificate content.
> For SHA-1, sure, I understand this provides solid protection against
> preimage attacks, but is this necessary for SHA-2 algorithms?  It's a good
> idea, we should all be doing long serial numbers, but what's driving the
> need to mandate 64+ bit serial numbers and CSPRNG now?
> Doug
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
> Behalf Of Fotis Loukos
> Sent: Wednesday, May 4, 2016 2:53 AM
> To: Jacob Hoffman-Andrews <jsha at letsencrypt.org>
> Cc: public at cabforum.org; Tim Hollebeek <thollebeek at trustwave.com>
> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
> There are hardware devices that use cryptographic hash functions in order
> to unbias the biased input by the RNG. However, a cryptographic hash
> function is not a CSPRNG.
> I agree that the most common approach is to use the output from the true
> random source to seed a CSPRNG (as done for example by the linux kernel for
> the /dev/urandom device), however in the future true RNGs that are able to
> provide random bytes in high speed may be much more common.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160518/2abe7727/attachment-0003.html>

More information about the Public mailing list