On Mon, Mar 29, 1999 at 01:12:03PM +0000, Chad C. Mulligan wrote:
> Bodo Moeller:
>> What exactly do you mean by "strong" primes? BN_generate_prime() uses
>> the word "strong" for what is more commonly called a "safe" prime,
> I mean a "safe" prime, then.
> The WS method creatres primes that are guaranteed to be of the
> form p = 2q+1 where q is also prime.
Fine. Can you point me to a paper or book where this algorithm is
described (such as the publication that earned it its name)?
>>> seed-data. For example, after asking for 1024 bit primes, I tended
>>> to end up with 1032 bit ones. I don't know if this is a problem or
>>> not. Is it?
>> It is: Export cipher suites need Diffie-Hellman parameters of no more
>> than 512 bits.
> You mean "export from the US"?
Yes, exactly. They must not have more than 512 bits, but one also
wouldn't want do use less than this limit; and new TLS ciphersuites
might introduce a 1024 bit limit on Diffie-Hellman primes.
> I'm sure the code can be massaged to produce primes of the exact
> size (I've not played around with this very much) and, in any
> case, there is no reaosn why we can't use arbirarily large
> primes for places where the export rules don't prohibit it, is
> there?
In the general case, this should be O.K.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
