Hi.

First, I must warn you that generating keys on behalf of users is in general a very bad thing to do. Instead, you might want to provide a simple way for users to generate keys and get them certified. The biggest problem is that there is not an easy way to get a good set of random numbers on a server platform. On the other hand, users can get a great deal of randomness on their own client machines. If they can run netscape, then they can run PGP. .... I don't like to harp on this but you have stated the scenario so clearly,

At 1:24 PM 11/14/95, Derek Atkins wrote: that I ask: If the user cannot trust you to generate keys for him, why should he trust the code that you provide to him? That code can have errors like the old Netscape code except planted on purpose so that the private key is guessable in 2^40 tries. There are two answers, I think. The code is public and the user hopes that any flaws will be publicized. The second is to use keyed information (not timing but character information) to provide the random seed. That is the idea behind my post a few weeks ago: "Using deterministic programs to select private RSA keys" Some may find that method less hazardous then trusting the culture of publishing flaws in code. I can forward that posting to anyone interested.