On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote:
> On 10 Aug 2004, at 5:16 AM, John Kelsey wrote:
> >So, how many people on this list have actually looked at the PGP key 
> >generation code in any depth?  Open source makes it possible for 
> >people to look for security holes, but it sure doesn't guarantee that 
> >anyone will do so, especially anyone who's at all good at it.
> Incidentally, none of the issues that lrk brought up (RSA key being 
> made from an "easy to factor" composite, a symmetric key that is a weak 
> key, etc.) are unique to PGP.

Yep. And I know that. But as my hair turns grey, I make more simple mistakes
and catch fewer of them.

Looks like we are batting zero here. I have seen no responses nor received
off-list e-mail from anyone admitting to examining the open source for holes.

My examination of RSAREF and OpenSSL code was more toward understanding how
they handled big numbers. It appears both generate prime numbers which are
half the length of the required N and with both of the two most significant
bits set to one. This means the ratio R=P/Q (P being the larger prime) is
limited to 1<R<(4/3). The actual maximum R is less and can be determined
by examining N.

While this seems not very helpful, the more bits of R I know, the easier
it is to factor N. Is this well known and has it been discussed here?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to