Adam Back <[email protected]> writes:
>Further the fact that the entropy seeding is so bad that some implementations
>are generating literally the same p value (but seemingly different q values)
>I would think you could view the fact that this can be detected and
>efficiently exploited via batch GCD as an indication of an even bigger
>problem.

Do we know that this is accidental rather than deliberate? A cute
"optimisation" for keygen would be to only randomly generate one half of the
{p,q} pair. It's plenty of randomness after all, surely you don't really need
both to be generated randomly, only one will do, and it'll halve the keygen
time...

Peter.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
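
The shared-p condition discussed in this thread can be checked for across an inventory of RSA public moduli. The following is an added example, not part of the original messages: a product-tree/remainder-tree batch GCD that flags every modulus sharing a factor with another. The function names are hypothetical and the sample moduli are constructed from Mersenne primes purely for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Return the levels of the product tree, leaves first, root last."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """For each modulus N_i return gcd(N_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()                      # root: product P of every modulus
    while levels:                            # walk down: P mod (node^2)
        cur = levels.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    # (P mod N_i^2) / N_i equals (P / N_i) mod N_i, so this gcd is against
    # the product of all *other* moduli without computing it per key.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]

def shared_factor_report(moduli):
    """Map index -> common factor for every modulus that shares one.

    A factor equal to the modulus itself means the whole modulus is
    duplicated elsewhere in the inventory (or both its primes are reused).
    """
    return {i: g for i, g in enumerate(batch_gcd(moduli)) if g != 1}

# Constructed sample inventory (toy sizes, Mersenne primes so primality is
# not in doubt). Keys 0 and 2 have the same p but different q values.
SHARED_P = 2**127 - 1
SAMPLE_MODULI = [
    SHARED_P * (2**89 - 1),          # key 0: shared p, its own q
    (2**61 - 1) * (2**31 - 1),       # key 1: independent primes
    SHARED_P * (2**107 - 1),         # key 2: shared p, a different q
    (2**521 - 1) * (2**607 - 1),     # key 3: independent primes
]

if __name__ == "__main__":
    for idx, factor in shared_factor_report(SAMPLE_MODULI).items():
        print(f"modulus {idx} shares a {factor.bit_length()}-bit factor")
```

Any modulus that appears in the report should be treated as compromised and its key regenerated from a properly seeded generator, whether the shared prime was accidental or a deliberate keygen shortcut.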