diff options
| author | lloyd <[email protected]> | 2010-11-29 15:34:22 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-11-29 15:34:22 +0000 |
| commit | 45ab4c7ba638109610c00b15e4c7e7b4489e359c (patch) | |
| tree | 3993fab359246631d8ef65a8843e17fd69a65a22 /src | |
| parent | 16ca4e119d5beefcfaf92a3ce05b063997a782ce (diff) | |
Make the random serial numbers 256 bits to ensure they will never
collide. One might, theoretically, generate 2^64 certificates with a
single CA (say, for each particle in a planet wide cloud of smart
dust), but 2^128 does not seem possible.
Diffstat (limited to 'src')
| -rw-r--r-- | src/cert/x509ca/x509_ca.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 4c4e62baa..57307d67e 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -98,7 +98,7 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const Extensions& extensions) { const u32bit X509_CERT_VERSION = 3; - const size_t SERIAL_BITS = 128; + const size_t SERIAL_BITS = 256; BigInt serial_no(rng, SERIAL_BITS); |