Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
796
Views
0
Helpful
1
Replies

crypto key generate in zero seconds?

Michael Hubbard
Level 1
Level 1

‎07-08-2016 11:50 PM - edited ‎03-10-2019 12:41 AM

I have been building several 4451 routers and 4507R+E switches recently. Right after the devices boot I run a script to create the configuration. The devices have only been up for a couple minutes when the "crypto key generate rsa mod 2048" command is run.

Below is the output. The routers have consistently been zero and switches under 4 seconds.

How can a newly booted device have enough entropy to create a 2048 bit RSA key pair in zero or 3 seconds?

Thanks in advance for any information!

TestLab_4451(config)#crypto key generate rsa mod 2048
The name for the keys will be: TestLab_4451.pu.pri

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

4507R+E
TestLab_4507_01(config)#crypto key generate rsa mod 2048
The name for the keys will be: TestLab_4507_01.pu.pri

% The key modulus size is 2048 bits
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎07-10-2016 02:21 PM

I don't use 2048 bit anymore.  Try doing 4096 bit.  It will think for a little bit longer then.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents