BigSur
Posts: 4
Joined: Sat Apr 14, 2018 11:12 pm

2048 bit RSA too quick to generate?

Sat Apr 14, 2018 11:21 pm

Here's my setup:
- Raspberry Pi 3 B+
- Raspbian Stretch 2018-3-13
- Open VPN installed via PiVPN script (curl -L https://install.pivpn.io | bash)
- I opted for the new 2.4 standard as I'll only have up-to-date clients connecting.

The 2048 bit RSA private key generated in under 20 seconds. On my test system (Raspbian for desktop in a VM on a Quad i7) it took about 7 minutes to generate. Here's the output from this install:

Code: Select all

Generating a 2048 bit RSA private key
.........................+++
...........................+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/xxxxxxxxxxxxxxx.for.my.privacy
FWIW, there were no errors, and the ovpns profile is fine, and the VPN connects great. I'm concerned there may be a potential hole here as it just seemed to generate too quickly!

Any opinions are appreciated.

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 5120
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: 2048 bit RSA too quick to generate?

Sat Apr 14, 2018 11:27 pm

Don't know how they're generated, so just taking a guess, but perhaps the VM didn't have enough entropy whereas actual running hardware did? Isn't that a common problem with generating keys in VMs?

BigSur
Posts: 4
Joined: Sat Apr 14, 2018 11:12 pm

Re: 2048 bit RSA too quick to generate?

Sun Apr 15, 2018 12:48 am

ShiftPlusOne wrote:
Sat Apr 14, 2018 11:27 pm
Don't know how they're generated, so just taking a guess, but perhaps the VM didn't have enough entropy whereas actual running hardware did? Isn't that a common problem with generating keys in VMs?
Thanks for the reply!

This is my first attempt at setting up OpenVPN and I’ve read others’ stories about it taking hours. I’m hoping some first hand experiences on similar hardware will provide some perspective.

IanS
Posts: 188
Joined: Wed Jun 20, 2012 2:51 pm
Location: Southampton, England

Re: 2048 bit RSA too quick to generate?

Mon Apr 16, 2018 9:12 am

I have a Pi 2B acting as an OpenVPN gateway. From memory, generating keys on that was a 'sit and wait' delay for 1024 bit, but a 'go for a large coffee' for 2048 bits. Neither was close to 'come back in the morning'. Obviously a model 3 will be somewhat faster. Can you post the exact command you are using?

BigSur
Posts: 4
Joined: Sat Apr 14, 2018 11:12 pm

Re: 2048 bit RSA too quick to generate?

Mon Apr 16, 2018 10:37 pm

IanS wrote:
Mon Apr 16, 2018 9:12 am
I have a Pi 2B acting as an OpenVPN gateway. From memory, generating keys on that was a 'sit and wait' delay for 1024 bit, but a 'go for a large coffee' for 2048 bits. Neither was close to 'come back in the morning'. Obviously a model 3 will be somewhat faster. Can you post the exact command you are using?
Hey IanS, I don't know the exact command as it was all part of the PiVPN script.
(https://raw.githubusercontent.com/pivpn ... install.sh)

It was so fast to generate, it only printed 2 lines of progress and then completed. Must have been under 20-30 seconds. Could a Pi 3 be that much faster than a 2?

jahboater
Posts: 2729
Joined: Wed Feb 04, 2015 6:38 pm

Re: 2048 bit RSA too quick to generate?

Tue Apr 17, 2018 8:43 am

ARMv8 has some special hardware instructions for doing this, which if used, make the process a couple of orders of magnitude faster. But I don't know if they are available in 32-bit mode.

Return to “Networking and servers”

Who is online

Users browsing this forum: No registered users and 21 guests