On July 17, 2008 10:48:51 am Yuliya Shulman wrote: > I'm not using OpenSSL to generate the list of primes. OpenSSl is using > it in the following path: > > RSA_generate_key() - in rsa_depr.c > RSA_generate_key_ex() in rsa_gen.c > rsa_builtin_keygen() in rsa_gen.c > BN_generate_prime_ex() in prime.c > BN_is_prime_fasttest_ex() in bn_prime.c > That's probably exactly what you should be doing.
Since the table of primes previously mentioned tops out at around 30bit primes (and there are 50 Million of those)... and modern cryptography suggests at least 4096 bit primes, you are completely doing the right thing by not using a table. (Just to make it clear - an application using those tables would be trivially crackable - and not just by reverse engineering the code :) > Algorithms of finding new primes are well-known, as is the biggest found > prime. Since I don't remember how big it is, I can't say whether it's > ~512-bit or not. However, all the primes up to that one should be known, > shouldn't they? That's what I meant. > Well, you should be able to deduce that, since RSA uses prime numbers, and RSA algorithms are defined up to 15000 or so bits, that there are at least primes that are that big known. :) As for "knowing the biggest" prime; from my understanding, the way that the mathies do that is that if the last biggest prime found was in (just as an example) 2^24000 - 1, then they start looking in 2^24001 - 1 for the next one - the minute they find a prime in that or a subsequent range, they declare that to be the biggest one, and so on... they certainly do not find every single prime number from 1 to 2^24001 - as Victor said, there are too many for that. Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]