On Thu, 01 Sep 2005 15:04:43 +0200, Simon Josefsson said:

> If you control the random number generator, you control which
> Miller-Rabin bases that are used too.

Oh well, if you are able to do this you have far easier ways of compromising the security. Tricking the RNG to issue the same number to requests for the secret exponent of a DSA sign operation seems to be easier.

> Designing this fake random number generator is not trivial, and must
> likely be done separately for each crypto library that is used. If
> software only used prime numbers that came with a prime certificate,
> you combat this attack.

Here it would be easier to add a backdoor to the prime certificate check than to implement a fake RNG.

Shalom-Salam,

   Werner

---------------------------------------------------------------------
The Cryptography Mailing List
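To make concrete the point both posters take for granted, that whoever controls the RNG also controls the Miller-Rabin bases, here is an added example that is not part of the thread. `RiggedRNG` is a constructed stand-in for a subverted generator; 2047 = 23 * 89 is the textbook strong pseudoprime to base 2, so a generator that keeps returning 2 makes the composite pass every round, while bases from an independent source expose it.

```python
import random

def miller_rabin(n, bases):
    """Strong probable-prime test of n against the given bases.
    Returns False only when some base is a witness to compositeness;
    a composite still passes if every base happens to be a strong liar."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:           # write n - 1 = 2**s * d with d odd
        d //= 2
        s += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):  # trivial bases never witness anything
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False        # a is a witness: n is composite
    return True

def is_probable_prime(n, rng, rounds=8):
    """Draw the bases from rng: whoever controls rng controls the bases."""
    bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return miller_rabin(n, bases)

def honest_check(n, rounds=40):
    """Same test with bases from the OS CSPRNG, the intended deployment."""
    return is_probable_prime(n, random.SystemRandom(), rounds)

class RiggedRNG:
    """Constructed stand-in for a subverted generator that always hands
    back one value (here a known strong liar) instead of fresh randomness."""
    def __init__(self, value):
        self.value = value
    def randrange(self, lo, hi):
        return self.value

COMPOSITE = 2047   # 23 * 89, a strong pseudoprime to base 2 (2**11 == 2048)
PRIME = 2053       # a genuine prime for comparison

if __name__ == "__main__":
    print(is_probable_prime(COMPOSITE, RiggedRNG(2)))  # True: rigged bases
    print(honest_check(COMPOSITE))                     # False (overwhelmingly)
    print(honest_check(PRIME))                         # True
```

A library that wants to survive a bad RNG can mix in bases not taken from it (for example derived from the candidate itself), or, as Simon suggests, demand a primality certificate instead of trusting the probabilistic test alone.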