On Wed, Aug 25, 2004 at 03:17:15PM +0100, Ben Laurie wrote: > lrk wrote: > > >My examination of RSAREF and OpenSSL code was more toward understanding how > >they handled big numbers. It appears both generate prime numbers which are > >half the length of the required N and with both of the two most significant > >bits set to one. This means the ratio R=P/Q (P being the larger prime) is > >limited to 1<R<(4/3). The actual maximum R is less and can be determined > >by examining N. > > This doesn't sound right to me - OpenSSL, IIRC, sets the top and bottom > bits to 1. Of course, all large primes have the bottom bit set to one.

The source of OpenSSL I looked at was part of the FreeBSD distribution. int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); BN_rand() generates a cryptographically strong pseudo-random number of bits bits in length and stores it in rnd. If top is -1, the most significant bit of the random number can be zero. If top is 0, it is set to 1, and if top is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*bits length. If bottom is true, the number will be odd. It appears this is called with top=1 for RSA primes. OpenSSL may not use it that way. -- [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]