The passphrase will be used to encrypt the key on disk, so you will not be able to use the key without first entering the passphrase. The Key passphrase and Confirm passphrase boxes allow you to choose a passphrase for your key. When the key generation is complete, a new set of controls will appear in the window to indicate this. It will not move evenly, and may occasionally slow down to a stop this is unfortunately unavoidable, because key generation is a random process and it is impossible to reliably predict how long it will take. The progress bar will reset to the start, and gradually move up again to track the progress of the key generation. When the progress bar reaches the end, PuTTYgen will begin creating the key. You don’t need to wave the mouse in particularly imaginative patterns (although it can’t hurt) PuTTYgen will collect enough randomness just from the fine detail of exactly how far the mouse has moved each time Windows samples its position. Wave the mouse in circles over the blank area in the PuTTYgen window, and the progress bar will gradually fill up as PuTTYgen collects enough randomness. Once you have chosen the type of key you want, and the strength of the key, press the Generate button and PuTTYgen will begin the process of actually generating the key.įirst, a progress bar will appear and PuTTYgen will ask you to move the mouse around to generate randomness. However, the most modern factoring algorithms are unaffected, so this option is probably not worth turning on unless you have a local standard that recommends it. A ‘strong’ prime is a prime number chosen to have a particular structure that makes certain factoring algorithms more difficult to apply, so some security standards recommend their use. You might choose to switch from probable to proven primes if you have a local security standard that demands it, or if you don’t trust the probabilistic argument for the safety of the usual method.įor RSA keys, there’s also an option on the Key menu to use ‘strong’ primes as the prime factors of the public key. (This is only a concern for RSA keys for other key types, primes are either not secret or not involved.) If you use PuTTYgen to generate an RSA key on a computer that is potentially susceptible to timing- or cache-based side-channel attacks, such as a shared computer, the probable primes method is designed to resist such attacks, whereas the proven primes methods are not. There in one way in which PuTTYgen’s proven primes method is not strictly better than its probable primes method. This takes more effort, but it eliminates that theoretical risk in the probabilistic method. The other methods cause PuTTYgen to use numbers that it is sure are prime, because it generates the output number together with a proof of its primality.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |