soygul
commented
9 years ago I'm hearing that disabling RDRAND would also be beneficial as it can not be audited to be non-malicious.
Closed soygul closed 9 years ago
soygul
commented
9 years ago I'm hearing that disabling RDRAND would also be beneficial as it can not be audited to be non-malicious.
soygul
commented
9 years ago Moved to: https://github.com/nbusy/ca/issues/1
http://www.keylength.com/en/3/
Need to research if work factor in validation is less for ECDSA 256 key vs RSA 3248 key. Gmail uses this so should be safe for mass browser support also.
On the other hand, ECDSA requires a "true" random number generator as opposed to
crypto/randpackage which is a pseudorandom number generator. However we can combinecrypto/randwith entropy generated by the incoming request (IP, request time, time spent on internal queue, load balancing route, handling server no, cpu mem usage for request, etc. etc.) to generate enough randomness for this purpose.At this point, I'm not 100% sure if we should hash than XOR
crypto/randwith other randomness or there is a more secure way.