On Mon, May 26, 2014 at 08:20:43PM +0000, mancha wrote: > For our purposes, the operative question is whether the distribution > bias created can be leveraged in any way to attack factoring (RSA) or > dlog (DH).
The maximum gap between primes of size $n$ is conjectured to be around $log(n)^2$. If $n$ is $2^k$, the gap is at most $k^2$, with an average value of $k$. Thus the most probable primes are most $k$ times more probable than is typical, and we lose at most $log(k)$ bits of entropy. This is not a problem. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org