[cabfpub] FW: Pre-Ballot 164 - Certificate Serial Number Entropy

Ben Wilson ben.wilson at digicert.com
Mon Apr 18 22:45:06 UTC 2016


On the cablint report for the 20 bits of entropy, https://crt.sh/?cablint=38, there  are 20 certificates that were listed.  If this changes to 64 bits, how many more certificates will be on the list?

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: Monday, April 18, 2016 10:25 AM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] FW: Pre-Ballot 164 - Certificate Serial Number Entropy

 

Forwarding

 

From: Kane York [mailto:kanepyork at gmail.com] 
Sent: Monday, April 18, 2016 10:23 AM
To: Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; Erwann Abalea <Erwann.Abalea at docusign.com <mailto:Erwann.Abalea at docusign.com> >
Cc: questions at cabforum.org <mailto:questions at cabforum.org> 
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

 

 

On Fri, Apr 15, 2016 at 7:52 AM Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> > wrote:

I didn’t think it was that simple.  For instance, see https://en.wikipedia.org/wiki/Password_strength 

 

From: Erwann Abalea [mailto:Erwann.Abalea at docusign.com <mailto:Erwann.Abalea at docusign.com> ] 
Sent: Friday, April 15, 2016 8:44 AM
To: Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >
Cc: CABFPub <public at cabforum.org <mailto:public at cabforum.org> >


Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

 

Bonjour, 

 

20 bits of entropy is the same as 20 bits unpredictable bits.

 

Whence, 64 bits of entropy is a higher requirement than 20 bits of entropy.

 

Cordialement,

Erwann Abalea

 

No, it definitely is that simple.

 

I think the confusion here is the definition of "hex characters".

 

> Our CA issues certificates with 32 hexadecimal characters for the serial number.

 

This is not possible - you cannot have 32 ASCII characters in the serial number.

The most likely truth given that explanation is that you have 16 fully random bytes. Which would be 16 * 8 = 128 random bits, satisfying the entropy requirements.

 

3 fully random bytes would satisfy the 20-bit requirement.

6 fully random hexadecimal ASCII characters encoded in the serial number would satisfy the 20-bit requirement.

 

8 fully random bytes is required to satisfy the 64-bit requirement.

16 bytes with 4 bits of entropy each, which ASCII-encoded hexadecimal would be, would satisfy the entropy requirement and leave you 3.875 bytes left over for other information.

 

 

Le 15 avr. 2016 à 16:32, Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> > a écrit :

 

Forwarding

 

From: Man Ho (Certizen) [ <mailto:manho at certizen.com> mailto:manho at certizen.com] 
Sent: Thursday, April 14, 2016 7:51 PM
To: Ben Wilson < <mailto:ben.wilson at digicert.com> ben.wilson at digicert.com>; Ryan Sleevi < <mailto:sleevi at google.com> sleevi at google.com>
Cc:  <mailto:public at cabforum.org> public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

 

Ben,

We had already changed our system to issue SSL certificates with 20 hexadecimal characters of at least 20-bit of entropy since 2014. I'm just wondering why the requirement is changed from "bits of entropy" to "unpredictable bits", which I don't understand the conversion (like "cm" to "inch" :). I don't know whether our software vendor understands it.

Man

On 4/15/2016 4:24 AM, Ben Wilson wrote:

You’re right, given a randomly generated 20-byte serial number, you have 159 unpredictable bits.   

 

From: Ryan Sleevi [ <mailto:sleevi at google.com> mailto:sleevi at google.com] 
Sent: Thursday, April 14, 2016 2:03 PM
To: Ben Wilson  <mailto:ben.wilson at digicert.com> <ben.wilson at digicert.com>
Cc: Man Ho (Certizen)  <mailto:manho at certizen.com> <manho at certizen.com>;  <mailto:public at cabforum.org> public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

 

Ben:

 

Are you sure your math is correct? A serial number is 20 bytes, with the high bit needing to be 1 (for the encoding of positive INTEGERS within DER). This leaves 159 bits for entropy. So you certainly can't have more unpredictable bits than that :)

 

On Thu, Apr 14, 2016 at 12:59 PM, Ben Wilson < <mailto:ben.wilson at digicert.com> ben.wilson at digicert.com> wrote:

Man,

Have you had a chance to do  further research on the capabilities of your system?   Our CA issues certificates with 32 hexadecimal characters for the serial number.  There are 4 bits of entropy for each hexadecimal character.  Therefore, our serial numbers have 128 bits of entropy and 16*32= 512 unpredictable bits.  An 8-hexadecimal character serial number would have 32 bits of entropy and 128 unpredictable bits.  A 20-bit entropy would be equal to 5 hexadecimal characters, or 80 unpredictable bits, so this seems like this is a downgrade to go to 64 unpredictable bits.  Am I right?

Ben

 

From: Man Ho (Certizen) [mailto: <mailto:manho at certizen.com> manho at certizen.com] 
Sent: Wednesday, March 23, 2016 12:27 AM
To: Ben Wilson < <mailto:ben.wilson at digicert.com> ben.wilson at digicert.com>;  <mailto:public at cabforum.org> public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

 

Hi all,

Is the meaning of "at least 64 unpredictable bits" setting the same or a higher requirement than "at least 20 bits of entropy" ? I'm not quite sure whether our certificate generation software has this setting in itself.

Cheers
Man

On 3/1/2016 12:21 AM, Ben Wilson wrote:

REPLACE 

"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy" 

WITH 

"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that contains at least 64 unpredictable bits." 

 


_______________________________________________
Public mailing list
 <mailto:Public at cabforum.org> Public at cabforum.org
 <https://cabforum.org/mailman/listinfo/public> https://cabforum.org/mailman/listinfo/public

 

 

_______________________________________________
Public mailing list
 <mailto:Public at cabforum.org> Public at cabforum.org
 <https://cabforum.org/mailman/listinfo/public> https://cabforum.org/mailman/listinfo/public

 

_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 
https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160418/dd196b42/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160418/dd196b42/attachment-0001.p7s>


More information about the Public mailing list