Updated: 8/4/2025
The SSL Store’s blog post “Why All the Fuss About 64-Bit Serial Numbers” details a recent issue where millions of digital certificates were revoked due to non-compliant serial numbers.
A misconfiguration in the EJBCA software reduced certificate serial number entropy from 64 to 63 bits, violating CA/B Forum requirements.
While not an immediate threat, this highlights the risks of relying on cryptographically secure pseudo-random number generators (CSPRNGs), which are predictable and vulnerable to quantum attacks.
For critical infrastructure—like power grids and healthcare systems—weak randomness can lead to catastrophic breaches.
Digital certificates secure critical infrastructure by authenticating devices and encrypting data. Serial numbers, acting as cryptographic salts, prevent spoofing.
The SSL Store notes that CSPRNGs, like those in EJBCA, can produce predictable patterns, risking collisions and exposing systems to attacks, especially with quantum computers looming.
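The 64-to-63-bit reduction mentioned above can be reproduced and checked for in a few lines. This is an added example, not EJBCA's code or anything from the SSL Store post; the function names are hypothetical, and it assumes the usual cause: an X.509 serial is a positive INTEGER, so an 8-byte serial always has its top bit set to zero.

```python
import secrets

MIN_CSPRNG_BITS = 64  # minimum the page cites for CA/B Forum compliance


def serial_8_bytes() -> int:
    """8 random bytes with the sign bit cleared so the X.509 INTEGER is positive.
    Only 63 bits remain random."""
    return int.from_bytes(secrets.token_bytes(8), "big") & ((1 << 63) - 1)


def serial_16_bytes() -> int:
    """16 random bytes, sign bit cleared: 127 random bits, well above the minimum."""
    value = int.from_bytes(secrets.token_bytes(16), "big") & ((1 << 127) - 1)
    return value or 1  # serial numbers must be greater than zero


def max_random_bits(serials) -> int:
    """Upper bound on generator width implied by a batch: the widest serial seen."""
    return max(s.bit_length() for s in serials)


def audit(serials) -> dict:
    """Flag a batch whose serials never exceed 63 bits, or that contains
    non-positive or duplicate values. Passing is necessary, not sufficient:
    it cannot prove the values came from a sound generator."""
    serials = list(serials)
    width = max_random_bits(serials)
    return {
        "max_bits": width,
        "too_narrow": width < MIN_CSPRNG_BITS,
        "non_positive": sum(1 for s in serials if s <= 0),
        "duplicates": len(serials) - len(set(serials)),
    }


if __name__ == "__main__":
    # Constructed batches: generated locally, not real certificate serials.
    print("8-byte  :", audit(serial_8_bytes() for _ in range(1000)))
    print("16-byte :", audit(serial_16_bytes() for _ in range(1000)))
```

Run against serials exported from an issuance log, a batch that never exceeds 63 bits is the signal to review the CA's serial number length setting.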
Real Random’s True Random Number Generators (TRNGs) and Entropy-as-a-Service (EaaS) platform, detailed in “What Is Entropy-as-a-Service and Who Needs It?” and “Why True Random Number Generation Matters in the Post-Quantum Era”, address this vulnerability:
The serial number fiasco underscores the dangers of weak randomness in critical infrastructure.
Real Random’s TRNGs and EaaS provide quantum-safe, high-quality entropy to secure certificates and protect essential systems.
Contact us to safeguard your infrastructure.