Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Samuel Neves
On 31-07-2015 22:03, Viktor Dukhovni wrote: > Is finding sufficiently large factors a tractable problem? p-1 will usually have a large prime factor. But for q-1 to have the same prime factor is highly unlikely. The probability that GCD(n1, n2) = d for random n1, n2 is 6/(d^2 pi^2). For RSA-1024

Re: [openssl-dev] curve25519

2015-06-21 Thread Samuel Neves
On 21-06-2015 18:10, Salz, Rich wrote: > The big thing is "avoid data-dependent jumps." For example, memcmp() always > runs the full length, almost any "if" statement needs careful scrutiny, and > so on. Case in point: https://github.com/msotoodeh/curve25519/blob/master/source/curve25519_dh.c

Re: [openssl-dev] [openssl.org #3897] request: add BLAKE2 hash function (let's kill md5sum!)

2015-06-10 Thread Samuel Neves
On 11-06-2015 00:36, Bill Cox wrote: > Samuel Neves' SSE version is the one we all played with in the Password > Hashing Competition. The speed is amazing. Is there a faster version > available now? Which version should we integrate into OpenSSL? The problem with my implementat

[openssl.org #3558] [PATCH] Use only unsigned arithmetic in constant-time operations

2014-10-06 Thread Samuel Neves via RT
n the arithmetic shift version, but compilers seem to be pretty good at recognizing and generating the arithmetic shift anyway, where available. From 5e78c9653bb473e9ad3ac015b755f08750b9a651 Mon Sep 17 00:00:00 2001 From: Samuel Neves Date: Sat, 4 Oct 2014 00:13:36 +0100 Subject: [PATCH] U