Jim Schneider wrote:
Sorry, I goofed - I thought we were talking about generating the prime for DH,
not the subsequent operations. In the case of the secret exponents, there's
no real justification for it (x just needs to be larger than C*ln(p)/ln(g),
where g is the DH generator, p is the DH prime, and C is a "big enough"
constant to prevent brute force attacks).
No, it doesn't. Why single out that part of the search space for protection?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
