EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Where does TElCertificateRequest get entropy, true random data, from?

#15692
Posted: 02/08/2011 07:57:46
by Richard Kelsall (Standard support level)
Joined: 06/25/2010
Posts: 16

Hi,

I have been experimenting with TElCertificateRequest in the sample program CertReqDemo.

First a small suggestion about the sample program - I am not sure this is the right place to provide this kind of feedback, but couldn't immediately see a better alternative. It defaults to SHA1 DSA with 1024 bits. This could probably be updated to default to SHA256 RSA with 2048 bits as a more secure default.

I have the program working and it generates certificate signing requests that seem to be good. But I am wondering whether there is sufficient entropy being fed into the key generation process. Is there an explanation somewhere of how SBB gathers entropy for keys? Is there an interface to allow me to feed it more entropy that I gather myself? Any pointers would be interesting.
#15693
Posted: 02/08/2011 08:08:09
by Ken Ivanov (EldoS Corp.)

Thank you for the suggestion about the sample program.

Quote
I have the program working and it generates certificate signing requests that seem to be good. But I am wondering whether there is sufficient entropy being fed into the key generation process.

A single global cryptographic random generator is used throughout the components library to collect entropy and produce pseudo-random data. The generator is initialised on library load and then is periodically seeded from different locations of the code of the library.

You can feed more entropy to the generator yourself with the use of SBUtils.Unit.SBRndSeed() and SBRndSeedTime() methods.
#15694
Posted: 02/08/2011 08:22:54
by Richard Kelsall (Standard support level)
Joined: 06/25/2010
Posts: 16

Thank you.


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
