Re: Problems With Public Key Cryptosystems

• Previous message: Mok-Kong Shen: "Q: Smartphones"
• In reply to: Michael Barr: "Re: Problems With Public Key Cryptosystems"
• Next in thread: David A. Scott: "Re: Problems With Public Key Cryptosystems"
• Reply: David A. Scott: "Re: Problems With Public Key Cryptosystems"
• Reply: Douglas A. Gwyn: "Re: Problems With Public Key Cryptosystems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 14 Jul 2004 16:19:27 +0000 (UTC)

Michael Barr wrote:
>Why does anyone even respond to this crock? The reason I am replying
>is to make the point that several years ago, Susan Landau wrote an
>article in the American Math. Monthly pointing out that there were a
>significant and constantly growing number of conditions on the prime
>factors you choose. Of the form that p-1 should not have certain
>small prime divisors. What was worrisome was that the more they look,
>the more such conditions there were. From which I inferred that you
>couldn't be sure that what seems safe today will be so tomorrow.

Actually, the number of conditions is shrinking. The bit about safe
primes, small divisors of p-1, etc., is now considered irrelevant; they
seem to have been an artifact of the old factoring algorithms. Today's
best factoring algorithms don't care whether p-1 has small factors, so
the advice today is just to generate a pair of primes uniformly at
random without worrying about special conditions.

Your conclusion is still right on, of course. We can't be sure that
what seems safe today will still be safe tomorrow.

• Previous message: Mok-Kong Shen: "Q: Smartphones"
• In reply to: Michael Barr: "Re: Problems With Public Key Cryptosystems"
• Next in thread: David A. Scott: "Re: Problems With Public Key Cryptosystems"
• Reply: David A. Scott: "Re: Problems With Public Key Cryptosystems"
• Reply: Douglas A. Gwyn: "Re: Problems With Public Key Cryptosystems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]