Hi Ben,

[...]
> Note that RFC 2412 says: "Note that 2 is technically not a generator in
> the number theory sense, because it omits half of the possible residues
> mod P. From a cryptographic viewpoint, this is a virtue.", which is
> precisely the type of generator I use for Lucre. To check for that, we
> check that: g^2 mod p != 1 and g^((p-1)/2) mod p == 1. We should perhaps
> revise the OpenSSL checks to do that. It should also be required that
> (p-1)/2 is prime, so that, too should be checked. Of course, this would
> break all existing "satisfactory" DH parameters. Hmmm.

I suggest DH_check() should only check whether p is a strong prime
( p = 2 * q + 1, q prime ) and that g^2 != 1 mod p ( <=> g != -1,1 mod p ).

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
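
The checks discussed in this thread, as an added Python sketch (not OpenSSL code and not written by either poster): it tests that p = 2q + 1 with q prime and that g^2 mod p != 1, then reports whether g also meets the quoted condition g^((p-1)/2) mod p == 1. The function names, the verdict strings, the extra g = 0 check and the toy parameters are assumptions made for this example.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a proves n composite
    return True

def check_dh_params(p, g):
    """Return a verdict string for DH modulus p and generator g."""
    if not is_probable_prime(p):
        return "reject: p is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return "reject: (p-1)/2 is not prime"
    if g % p == 0:                            # added sanity check, not from the thread
        return "reject: g is 0 mod p"
    if pow(g, 2, p) == 1:                     # g is 1 or -1 mod p
        return "reject: g^2 mod p == 1"
    # With p = 2q + 1, the order of g is now either q or 2q.
    if pow(g, q, p) == 1:
        return "ok: g generates the order-q subgroup"
    return "ok: g generates the full group"

# Constructed toy values: 23 = 2*11 + 1, 29 = 2*14 + 1.
SAMPLES = [(23, 2), (23, 5), (23, 22), (23, 1), (29, 2), (21, 2)]

if __name__ == "__main__":
    for p, g in SAMPLES:
        print(p, g, check_dh_params(p, g))
```

Accepting only the first "ok" verdict corresponds to the stricter check in the quoted message; accepting both corresponds to the check suggested in the reply.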