>From: Geoff Thorpe <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: [openssl.org #86] Bug in RSA_check_key Date: Thu, 20 Jun 2002
>15:02:36 -0400 (EDT)
>
> .........
>
>*Maybe* ... but even then it doesn't solve the case of public keys.
>Moreover, how do you actually test a public key? What does "check"
>actually mean in this case?
>
> .........
>
>Cheers,
>Geoff
I would suggest the following for checking RSA public keys:
1) that the public exponent e satisfies 3 <= e < n and that
e is odd (PKCS#1) [this doesn't prevent low exponent
attacks however]
2) that the modulus n is not a probable prime
(e.g., apply 80 rounds of Miller-Rabin)
3) that n is not divisible by small primes
4) that n is not a perfect power
5) that n provides a suitable setting for the factoring
problem (e.g., |n| > 512 bits or 768 bits, etc.), and give
a warning if it is not.
I am working on some code which I hope to donate to
OpenSSL that accomplishes (4) and more...
Adam Young
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
