Ben

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Laurie
> Sent: Sunday, November 28, 1999 11:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: RSA key gen security
>
>
> "Rene G. Eberhard" wrote:
> >
> > Mark
> >
> > > Hiya
> > >
> > > I don't really understand the math, but it seems to me that it finds
> > > prime candidates then tests them for primeness. Is there a way to make
> > > it test even more rigorously?
> >
> > As much as I know RSA p and q are not strong primes.
> > In rsa_gen.c where p and q are generated you'll find the call
> > rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
> >
> > Change the third parameter from 0 to 1 and you'll have
> > (something like) a strong prime. I just took a very short
> > look to BN_generate_prime() and I think the additional
> > test is whether (p-1)/2 has a large prime factor. (Same for q).
>
> Ack! Terminology alert! That is not what strong means - strong is
> something much more complex - what you _probably_ mean is what Bodo has
> recently convinced me is a _safe_ prime, which is the "other half" of a
> Germain prime. That is, a Germain prime is a prime, p, s.t. 2p+1 is also
> prime. A safe prime is the 2p+1. I was mistakenly calling that half of
> the marriage a Germain prime.
>
> The additional test is, I'm pretty damn sure, whether (p-1)/2 is prime.

I used the definition of a "strong prime" as defined in "Handbook of
applied crypto, Definition 4.52". In the code of BN_generate_prime()
there you see the comment "for a strong prime generation, ..".
I don't think the current code generates "strong primes". Thus I said
"something like".

And you are right that a safe prime is 2p+1 where p is prime.


Regards Rene

--
-----------------------------------------------------------
Rene G. Eberhard
Mail  : [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
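The safe-prime / Germain-prime distinction discussed in this thread, as an added example (not code from OpenSSL or from either poster). It works on 64-bit integers with a deterministic Miller-Rabin test; the function names are this example's own, the inputs are constructed, and `__uint128_t` assumes GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m without overflow, using the GCC/Clang 128-bit extension. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)((__uint128_t)a * b % m);
}

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

/* Miller-Rabin; these 12 bases make the test deterministic for 64-bit n. */
int is_prime(uint64_t n) {
    static const uint64_t bases[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};
    if (n < 2) return 0;
    for (int i = 0; i < 12; i++)
        if (n % bases[i] == 0) return n == bases[i];
    uint64_t d = n - 1;
    int s = 0;
    while ((d & 1) == 0) { d >>= 1; s++; }   /* n - 1 = d * 2^s, d odd */
    for (int i = 0; i < 12; i++) {
        uint64_t x = powmod(bases[i], d, n);
        if (x == 1 || x == n - 1) continue;
        int composite = 1;
        for (int r = 1; r < s && composite; r++)
            composite = (x = mulmod(x, x, n)) != n - 1;
        if (composite) return 0;
    }
    return 1;
}

/* Safe prime: p is prime and (p-1)/2 is also prime. */
int is_safe_prime(uint64_t p) { return p > 2 && is_prime(p) && is_prime((p - 1) / 2); }
/* Germain prime: q is prime and 2q+1 is also prime (the "other half"). */
int is_germain_prime(uint64_t q) {
    return q < (1ULL << 63) && is_prime(q) && is_prime(2 * q + 1);
}

int main(void) {
    uint64_t sample[] = {11, 13, 29, 59};    /* constructed inputs */
    for (int i = 0; i < 4; i++)
        printf("%llu: safe=%d germain=%d\n", (unsigned long long)sample[i],
               is_safe_prime(sample[i]), is_germain_prime(sample[i]));
}
```

29 and 59 form one such pair: 29 is the Germain prime and 59 = 2*29+1 is the safe prime, while 13 is prime but neither.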
