"Rene G. Eberhard" wrote:
>
> Mark
>
> > Hiya
> >
> > I don't really understand the math, but it seems to me that it finds
> > prime candidates then tests them for primeness. Is there a way to make
> > it test even more rigorously?
>
> As much as I know RSA p and q are not strong primes.
> In rsa_gen.c where p and q are generated you'll find the call
> rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
>
> Change the third parameter from 0 to 1 and you'll have
> (something like) a strong prime. I just took a very short
> look to BN_generate_prime() and I think the additioal
> test is wheter (p-1)/2 has a large prime factor. (Same for q).
Ack! Terminology alert! That is not what strong means - strong is
something much more complex - what you _probably_ mean is what Bodo has
recently convinced me is a _safe_ prime, which is the "other half" of a
Germain prime. That is, a Germain prime is a prime, p, s.t. 2p+1 is also
prime. A safe prime is the 2p+1. I was mistakenly calling that half of
the marriage a Germain prime.
The additional test is, I'm pretty damn sure, whether (p-1)/2 is prime.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
