[Discuss] How do I add entropy?

Bill Ricker bill.n1vux at gmail.com
Sun Sep 7 12:38:50 EDT 2014


On Sun, Sep 7, 2014 at 8:52 AM, Kent Borg <kentborg at borg.org> wrote:
> A public key of 4096-bits is like a much shorter symmetric key (~200-bits?),
> so unless you are generating a bunch of keys, you shouldn't have any
> problem.


An RSA key of size 4096 bits has *security* equivalent somewhere
between 128 and 200 bits (which sometimes gets rounded down to 128
since < 256 bits), but that is *not* a measure of how much entropy its
generation will consume.
    Generating two 2kbit primes will consume a *lot* of entropy from
/dev/random, because each random candidate-prime must be tested by
hundreds of random 'witness' numbers (potentially up to 1kbit in size).

Generating one 256bit random symmetric key would be far far more
efficient in terms of entropy consumed, but that doesn't get you all
the key management and authentication benefits of Public Key.

(Generating RSA keys on a virtual box could be very very slow as they
don't have hardware entropy sources available.)

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
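
An added example, not part of the message above: a Python sketch that counts how many random bits prime generation requests when every candidate and every Miller-Rabin witness is drawn directly from the random source, which is the model the message describes. The names `CountingRandom` and `entropy_for_rsa` and the default of 40 rounds are assumptions made for this illustration.

```python
import os

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

class CountingRandom:
    """os.urandom wrapper that records how many random bits were requested."""
    def __init__(self):
        self.bits_drawn = 0

    def getrandbits(self, k):
        nbytes = (k + 7) // 8
        self.bits_drawn += nbytes * 8
        return int.from_bytes(os.urandom(nbytes), "big") >> (nbytes * 8 - k)

def is_probable_prime(n, rounds, rng):
    """Miller-Rabin, drawing a fresh random witness for every round."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:          # cheap trial division, costs no randomness
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        # witness in [2, n-2]; the small modulo bias is ignored in this sketch
        a = 2 + rng.getrandbits(n.bit_length() - 1) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # witness a proves n composite
    return True

def gen_prime(bits, rounds, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if is_probable_prime(cand, rounds, rng):
            return cand

def entropy_for_rsa(modulus_bits, rounds=40):
    """Return (p, q, random bits drawn) for two primes of modulus_bits/2 each."""
    rng = CountingRandom()
    p = gen_prime(modulus_bits // 2, rounds, rng)
    q = gen_prime(modulus_bits // 2, rounds, rng)
    return p, q, rng.bits_drawn
```

Calling `entropy_for_rsa(4096)` models the two 2048-bit primes discussed above (slow in pure Python); compare the third return value with the 256 bits a single symmetric key needs.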


