Re: RSA moduli sizes
- From: Mark Wooding <mdw@xxxxxxxxxxxxxxxx>
- Date: Thu, 09 Apr 2009 16:54:48 +0100
pubkeybreaker <pubkeybreaker@xxxxxxx> writes:
Instead, do what I told you to do several posts back.[...]
Generate p,q uniformly at random from an interval such that
their product is GUARANTEED to have 2n bits. This is trivial.
May I suggest that you people stop presenting your own 'pet'
ideas and go out and STUDY this subject???? Read some books.
Read IEEE 1363 and FIPS-140 and X9-80 and X9-31, etc. etc.
Stop prattling! Leave design of algorithms (such as the
erroneous one given above) to people who have studied how to
do it.
In practice, primes are chosen by picking a random starting point and
finding the next smallest prime which satisfies some criteria. Such
primes are certainly not uniformly distributed -- indeed, they're biased
towards primes preceded by large contiguous regions of composite
numbers.
X9.31 demands that you choose the primes like this -- and NIST's
validation system verifies that you do it like X9.31 says, hopelessly
quaint notions of strong primes and everything. (They give you starting
points and tell you to generate RSA keys. If you generate the wrong
ones, you don't get a certificate.)
-- [mdw]
.
- Follow-Ups:
- Re: RSA moduli sizes
- From: pubkeybreaker
- Re: RSA moduli sizes
- References:
- Re: RSA moduli sizes
- From: 1 . 41421
- Re: RSA moduli sizes
- From: Joseph Ashwood
- Re: RSA moduli sizes
- From: pubkeybreaker
- Re: RSA moduli sizes
- From: Tim Smith
- Re: RSA moduli sizes
- From: pubkeybreaker
- Re: RSA moduli sizes
- Prev by Date: Re: RSA moduli sizes
- Next by Date: A Useful Website for Cryptography Researchers - MyNetResearch.com
- Previous by thread: Re: RSA moduli sizes
- Next by thread: Re: RSA moduli sizes
- Index(es):
Relevant Pages
|
