> And, I should note, you've already proved our point a dozen times > over. Your > code contains three separate bugs, all of them extremely serious. For > example, you used the byte size of the *MODULUS* (that's what RSA_size > returns) as the hash input size for the private key.
And, by the way, I'm not sure you realize quite how serious this is. If you used a binary format that put the public portions of the key in memory first along with the size of the public key rather than the private key, the net result would be a SHA256 hash of the *public* key only. Or perhaps only small bits of the private key. That would result in an algorithm that provided no security at all. Literally none. Do you understand what I'm saying? You could have easily, with bugs very similar to the ones you already had, accidentally produced an algorithm that appeared to work, producing the same hash every time, but actually producing a hash that is predictable from only the public key. (Or with only a few bytes of the private key, leaving it easily broken by brute force.) You are tap dancing on a mine field. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org