Crypto++ security policy states, section 8.1 "RSA keys are generated according to procedures described in ANSI X9.31."
ANSI X9.31:1998, section 4.1.2, requires in particular that * p-1, p+1, q-1, q+1 each should have prime factors p1, p2, q1, q2 that are randomly selected primes in range 2^100 to 2^120. * p and q shall be the first primes discovered in an approriate interval, from a random starting point, that meet the above. * p and q shall be different in one at least of their first 100 bits. I failed to locate any code performing the above. Did I miss something, or is the above quotation of the security policy to be taken as implying that some (e.g. appendix A), but not all of ANSI X9.31 (e.g. body) is followed? Note: I am convinced that NOT following the above ANSI X9.31 requirements does NOT jeopardize security in any way; I just want to know if conformance to ANSI X9.31 can be claimed by using Crypto++ Francois Grieu
