Re: How to detect RSA keys that are weak?

On 2010-12-01, Pubkeybreaker <pubkeybreaker@xxxxxxx> wrote:
On Dec 1, 12:21?pm, Prof Craver <xcottcra...@xxxxxxxxx> wrote:
On Dec 1, 5:57?am, unruh <un...@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

No, you choose the first prime randomly, the second prime using the
"fixed" procedure.

That would certainly be less obvious than your original suggestion.
Your original suggestion have every modulus starting with the same 512
bits, having the same initial 85 characters in base-64 encoding.

Define a "weak" key as one that is susceptible to a special-purpose
factoring attack.

There are many ways to deliberately construct "weak" keys.

If one is truly paranoid, one can always perform a zero-knowledge
proof that proves that the key is not susceptible to some specific
attack. I wrote a paper on this. (giving a variety of ZKP's for a
variety of attacks)

But it would only apply to that particular attack. And paranoids
would still argue that one can't trust the software that conducts the

Trust has to exist SOMEWHERE in order to use crypto software. And by
somewhere I mean somewhere external to one's self.

Crypto should be a field in which you minimize external trust. Since the
key is so critical to the usefullness of crypto, it should be the place
where you trust outside sources to an absolute minimum. The software
itslef you can test to see if it does what it claims to do (eg take
modular powers) Key generation you cannot.

Use your own, open source, preferably separately written, key generation