My Quivering Choad tells me that Bodo Moeller had this to say:
> What exactly do you mean by "strong" primes? BN_generate_prime() uses
> the word "strong" for what is more commonly called a "safe" prime,
I mean a "safe" prime, then.
The WS method creates primes that are guaranteed to be of the
form p = 2q+1 where q is also prime.
> > [...] because of the way the algorithm works, the size is somewhat
> > variable, though this can be made better with empirical adjustments to the
> > seed-data. For example, after asking for 1024 bit primes, I tended
> > to end up with 1032 bit ones. I don't know if this is a problem or
> > not. Is it?
>
> It is: Export cipher suites need Diffie-Hellman parameters of no more
> than 512 bits.
You mean "export from the US"?
I'm sure the code can be massaged to produce primes of the exact
size (I've not played around with this very much) and, in any
case, there is no reason why we can't use arbitrarily large
primes for places where the export rules don't prohibit it, is
there?
Whatever, the code is (or very shortly will be) available. I can
email it to interested parties, mail it to the list as a whole,
or give it to someone who can put it somewhere where anyone can
get it if they please.
Chad.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
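
An added example, not code from this thread or from OpenSSL: one way to get a safe prime p = 2q+1 of an exact bit length is to force the top bit of q before testing, and to check the length when validating received parameters. The function names and the choice of Miller-Rabin are assumptions; this is not the "WS method" mentioned in the message, which the message does not describe.

```python
import secrets

# Small primes for cheap trial division before Miller-Rabin.
_SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2 or (n % 2 == 0 and n != 2):
        return False
    if n == 2:
        return True
    for sp in _SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # Write n - 1 as d * 2^r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a proves n composite
    return True

def is_safe_prime(p, bits=None):
    """True if p = 2q+1 with p and q prime and, if given, p is exactly `bits` long."""
    if bits is not None and p.bit_length() != bits:
        return False
    return p % 2 == 1 and is_probable_prime((p - 1) // 2) and is_probable_prime(p)

def generate_safe_prime(bits):
    """Rejection-sample q so that p = 2q+1 has exactly `bits` bits."""
    while True:
        # q gets bits-1 bits: top bit forced (fixes the size), low bit forced (odd).
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_safe_prime(p, bits):
            return p
```
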