Mark Shuttleworth wrote:
> > I don't really understand the math, but it seems to me that it finds
> > prime candidates then tests them for primeness. Is there a way to make
> > it test even more rigorously?
And Ben Laurie answered:
> In short, probably. But that tends to be expensive.
You simply need to increase the number of rounds of primality testing,
say, double it. That doubles the cost, and each extra round approximately
halves the chance of getting a non-prime.
However I find this odd, because here we have these 1024 bit primes chosen
from what we consider to be a space containing very roughly 2^128 primes
(i.e. our 1024 bit prime contains ~128 bits of entropy), but OpenSSL only
uses 50 rounds of primality testing doesn't it? Which means that only 1 in
2^78 "primes" actually are primes. Has anyone considered the attacks that
might be possible due to these non-primes?
Cc'd to Bruce Schneier in the hope it might interest him to answer...
------------------------------------------------------------
Clifford Heath http://www.osa.com.au/~cjh
Open Software Associates Limited mailto:[EMAIL PROTECTED]
29 Ringwood Street / PO Box 4414 Phone +613 9871 1694
Ringwood VIC 3134 AUSTRALIA Fax +613 9871 1711
------------------------------------------------------------
Proven Solution Deployment for the Global Enterprise
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
