> Clifford Heath wrote:
> > You simply need to increase the number of rounds of primality testing,
> > say, double it. That doubles the cost, and each extra round approximately
> > halves the chance of getting a non-prime.

> No, adding one round halves the chance.

Isn't that exactly what I said?

> > However I find this odd, because here we have these 1024 bit primes chosen
> > from what we consider to be a space containing very roughly 2^128 primes
> > (i.e. our 1024 bit prime contains ~128 bits of entropy)
> Eh? Why do you say that?

We use them in cipher suites with 128 bit encryption, and consider that the
attack cost is of a roughly similar order.  I know it's only ballpark,
but it's still an indication of the amount of information that must be
brute-forced.

> > but OpenSSL only
> > uses 50 rounds of primality testing doesn't it? Which means that only 1 in
> > 2^78 "primes" actually are primes. Has anyone considered the attacks that
> > might be possible due to these non-primes?

> What it means is that there's a 1 in 2^50 chance (or perhaps 1 in 2^100)
> that any particular prime is actually not prime.

Aarrrgh. It must be Monday morning. I'll try to engage my brain before
speaking again...

------------------------------------------------------------
Clifford Heath                    http://www.osa.com.au/~cjh
Open Software Associates Limited       mailto:[EMAIL PROTECTED]
29 Ringwood Street / PO Box 4414       Phone  +613 9871 1694
Ringwood VIC 3134      AUSTRALIA       Fax    +613 9871 1711
------------------------------------------------------------
Proven Solution Deployment for the Global Enterprise
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
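
As an added illustration (not part of the original thread and not OpenSSL's code), the Python sketch below counts, for small odd composites, how many bases let the number pass a single round, which is the per-round figure behind the "1 in 2^50 or perhaps 1 in 2^100" question above. It assumes the test under discussion is textbook Miller-Rabin; all function names are hypothetical.

```python
from fractions import Fraction
from math import isqrt
import random

def strong_probable_prime(n, a):
    """One Miller-Rabin round: True if odd n > 2 passes for base a."""
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 = 2^s * d with d odd
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):     # look for -1 among the repeated squarings
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False

def is_composite(n):
    """Exact check by trial division (only used on small n here)."""
    return any(n % i == 0 for i in range(2, isqrt(n) + 1))

def liar_fraction(n):
    """Fraction of bases 1..n-1 for which composite n passes one round."""
    liars = sum(strong_probable_prime(n, a) for a in range(1, n))
    return Fraction(liars, n - 1)

def worst_liar_fraction(limit):
    """Largest single-round pass rate over odd composites below limit."""
    return max(liar_fraction(n) for n in range(9, limit, 2) if is_composite(n))

def miller_rabin(n, rounds, rng=random):
    """Probabilistic test using independently chosen random bases."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return all(strong_probable_prime(n, rng.randrange(2, n - 1))
               for _ in range(rounds))

def composite_pass_bound(rounds):
    """Worst-case chance that a given composite survives all rounds."""
    return Fraction(1, 4) ** rounds

if __name__ == "__main__":
    print("91 = 7 * 13 passes one round for", liar_fraction(91), "of bases")
    print("worst case below 1000:", worst_liar_fraction(1000))
    print("50 rounds: at most 1 in 2^%d" %
          (composite_pass_bound(50).denominator.bit_length() - 1))
```

The bound is a worst case for a fixed composite input; it says nothing about how often a randomly generated candidate is composite in the first place.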
