On 7 February 2011 at 19:33, Jean-Michel Pouré - GOOZE <jmpo...@gooze.eu> wrote:
> On Monday 07 February 2011 at 15:27 +0100, Ludovic Rousseau wrote:
>> It looks like bad news for me.
>> A prime number generator in constant time is _very_ suspect.
>
> Don't be suspicious, the Feitian PKI is a fast card.

The problem is not the speed but the absence of variation in time.

I just did an experiment with:
$ time ssh-keygen -f test -N "abcde" -b 2048

I made two measurements:
real    0m0.435s
user    0m0.436s
sys     0m0.000s
and
real    0m0.031s
user    0m0.028s
sys     0m0.004s

The time variation is by a factor x14 here. This is only one example.

I would not say openssh is slow or fast. That is not the problem here.
It is _expected_ to have a _highly_ variable time for prime number generators.

Bye

-- 
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
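
The variation discussed in the message above, as an added example that is not part of the original email and is not code from OpenSSH, OpenSC or the card vendor: it counts how many random candidates a textbook search (random odd candidate plus Miller-Rabin) tests before finding a prime, which is what drives the run time. The function names, the seed and the 512-bit size are assumptions chosen for the demonstration.

```python
import random
import time

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin test with random bases drawn from rng."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness: n is composite
    return True

def generate_prime(bits, rng):
    """Draw random odd candidates of the given size until one is prime.
    Returns (prime, number_of_candidates_tested)."""
    tested = 0
    while True:
        # Force the top bit (exact size) and the low bit (odd).
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        tested += 1
        if is_probable_prime(candidate, rng):
            return candidate, tested

def measure(trials=30, bits=512, seed=2011):
    """Return [(candidates_tested, seconds)] for each generated prime."""
    # Seeded non-cryptographic RNG: reproducible demo only, never for real keys.
    rng = random.Random(seed)
    results = []
    for _ in range(trials):
        start = time.perf_counter()
        _, tested = generate_prime(bits, rng)
        results.append((tested, time.perf_counter() - start))
    return results

if __name__ == "__main__":
    runs = measure()
    for tested, secs in runs:
        print(f"{tested:5d} candidates  {secs * 1000:8.2f} ms")
    counts = [t for t, _ in runs]
    print(f"min {min(counts)}, max {max(counts)} candidates tested")
```

The number of candidates tested follows a geometric distribution, so individual runs differ by large factors even though the average is stable.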
