Clifford Heath wrote:
>
> > Clifford Heath wrote:
> > > You simply need to increase the number of rounds of primality testing,
> > > say, double it. That doubles the cost, and each extra round approximately
> > > halves the chance of getting a non-prime.
>
> > No, adding one round halves the chance.
>
> Isn't that exactly what I said?
Yes, I misread it. Sorry!
> > > However I find this odd, because here we have these 1024 bit primes chosen
> > > from what we consider to be a space containing very roughly 2^128 primes
> > > (i.e. our 1024 bit prime contains ~128 bits of entropy)
> > Eh? Why do you say that?
>
> We use them in cipher suites with 128 bit encryption, and consider that the
> attack cost is of a roughly similar order. I know it's only ballpark,
> but it's still an indication of the amount of information that must be
> brute-forced.
Well, that's an estimate of factoring difficulty for a composite number.
Which isn't really the same as the entropy in a prime. There's roughly
2^1013 primes 1024 bits long.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
