Serial Number of a X.509 Certificate
https://stackoverflow.com/questions/2096905
-
21-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am programming a Certification Authority in java for a uni class, now I don't know what's the best option for the serial number of the Certificate.
- Simple static counter from 0 to veryBigNumber
- some huge BigInt random number
Is there any good reason for choosing one over the other... or none of them??
thanks,
Solution
I would recommend that you use a random number, but keep a list of those issued serial numbers in a database. This will allow for two things.
- You will never reissue the same serial number.
- You can tell from a certificate's serial number if it is even remotely valid.
Of course #1 requires that you check against the known list on generation and to generate a new random number if a collision occurs, and #2 isn't much of anything in terms of security or validation but an interesting prospect never-the-less.
OTHER TIPS
Technically counter from 0 to veryBigNumber is easier to implement than bigRandomNumber - because the serial numbers MUST be different.
However - you might not want to use a simple counter if you care about people knowing how many certificates you issued.
It depends on what you are using the serial number for. If you are a small company and if you are planning on giving one certificate per customer, then your serial number will reveal how many customers you have.
Other then that i dont see any reason why the serial number shouldn't be serial. Some people argue that using serial numbers will give away some information (the next serial number) to a potential attacker but i dont think that is a big issue.
The main requirement is that the pair (Issuer distinguished name, serial number) should be unique in the universe. Therefore you should not use a random number unless it is so large that the probability of repeat is negligible. A 20 byte random number should be more than adequate. A simple counter is perfectly fine, if you don't mind other people knowing how many certificates you have issued.
The relatively recent attacks on SSL certificate issuers (by Alex Sotirov et. al) that exploited the weakness in MD5 actually were made even easier by the use of counter-type serial numbers. Random serial numbers were not attacked. This does not mean that predictable serial numbers are bad security, it just means that for this application random serial numbers could help mask the weaknesses in MD5. The root problem was still MD5.
I think if we examine the word Serial the answer is implicit....Serial,series, progression etc
I happened to come across this question by chance just now, and you would think from the answers that a predictable serial number is not a security concern. I would say that it is a concern, and that random serial numbers are much safer. Cf. Flame attack et al here for example, or here or the wikipedia article on "Predictable serial number attack."
