Anonymous <[EMAIL PROTECTED]> wrote:
> Looking at the DH_generate_parameters() in crypto/dh/dh_gen.c, the comment
> says that if you use generator 5 then p mod 10 == 3 or 7, while for generator
> 2, p mod 24 == 11 and for generator 3, p mod 12 == 5. That means that using
> 5 should find a good p twice as fast, right?
Wrong. Finding primes and then testing them would be too slow. Instead the
bn code constructs a random number of the right size that meets the modulo
condition (which is easy). Then it tests the number for primality and, if
it fails, repeatedly adds the modulus and tests again, until it passes. Doing
it that way, the second valid remainder isn't any use.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
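
The search strategy described in the reply above, as an added small-scale illustration (not OpenSSL's code and not part of the original message): pick a starting value, force it into the required residue class, then step by the modulus until a primality test passes. The names find_prime_in_class and is_prime, the 32-bit size limit and the fixed starting value are assumptions made for the example; the (modulus, remainder) pairs are the ones from the quoted comment.

```c
#include <stdint.h>
#include <stdio.h>

/* b^e mod m for m < 2^32, so every product fits in 64 bits. */
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Miller-Rabin; bases 2, 7, 61 give an exact answer for every 32-bit n. */
int is_prime(uint32_t n) {
    static const uint32_t bases[3] = {2, 7, 61};
    uint32_t d = n - 1;
    int s = 0, r;
    if (n < 2) return 0;
    for (int i = 0; i < 3; i++)
        if (n % bases[i] == 0) return n == bases[i];
    while ((d & 1) == 0) { d >>= 1; s++; }
    for (int i = 0; i < 3; i++) {
        uint64_t x = powmod(bases[i], d, n);
        if (x == 1 || x == n - 1) continue;
        for (r = 1; r < s; r++)
            if ((x = x * x % n) == n - 1) break;
        if (r == s) return 0;
    }
    return 1;
}

/* Align start down into the class p % modulus == rem, then add the modulus
   until a candidate is prime. *tests counts primality tests; returns 0 if
   the search leaves the 32-bit range. */
uint32_t find_prime_in_class(uint32_t start, uint32_t modulus, uint32_t rem,
                             unsigned *tests) {
    uint64_t p = (uint64_t)start - start % modulus + rem;
    for (*tests = 0; p <= UINT32_MAX; p += modulus) {
        (*tests)++;
        if (is_prime((uint32_t)p)) return (uint32_t)p;
    }
    return 0;
}

int main(void) {
    const uint32_t cls[3][2] = {{24, 11}, {12, 5}, {10, 3}}; /* from the quoted comment */
    for (int i = 0; i < 3; i++) {
        unsigned t;
        uint32_t p = find_prime_in_class(2000000000u, cls[i][0], cls[i][1], &t); /* constructed start */
        printf("p mod %u == %u: p=%u after %u tests\n", (unsigned)cls[i][0], (unsigned)cls[i][1], (unsigned)p, t);
    }
    return 0;
}
```

Every candidate the loop visits already satisfies the modulo condition, so the search only ever walks one residue class.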