On Mon, May 26, 2014 at 08:20:43PM +0000, mancha wrote:
> For our purposes, the operative question is whether the distribution
> bias created can be leveraged in any way to attack factoring (RSA) or
> dlog (DH).
The maximum gap between primes of size $n$ is conjectured to be
around $log(n)^2$. If $n$ is $2^k$, the gap is at most $k^2$, with
an average value of $k$. Thus the most probable primes are most
$k$ times more probable than is typical, and we lose at most $log(k)$
bits of entropy. This is not a problem.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
