Ben Laurie <[EMAIL PROTECTED]> wrote:
>"Arnold G. Reinhold" wrote:
>>
>> I wonder if you are confusing the length in bits of a PKC key, e.g. a
>> prime factor of an RSA public key, with the entropy of that private
>> key. The prime factor may be 512 bits long, but it usually does not
>> have anyway near 512 bits of randomness. Usually a secret prime is
>> generated by adding a 128 or 160-bit random quantity to some
>> non-secret base and then selecting the next prime number. In such a
>> scheme a 20 bytes (160 bits) random pool is not unreasonable for
>> generating one key or a small number of keys.
>
>In what sense is this "usual"? Who does it this way?
It's been a while so maybe I should not have been so categorical, but
I last time I looked PGP did this. They generated entropy by asking
the user to type at the keyboard and timing key strokes. Accumulating
1000 bit of entropy this way would take quite a while, especially on
Windows, which has poor timer resolution.
Most implementations that I am familiar with (not a lot) assume
entropy is expensive to generate. If you have a copious supply of
randomness, there is no reason not to consume n bits of entropy to
generate an n-bit prime. Does anyone know of systems that currently
do this?
Arnold Reinhold
