[EMAIL PROTECTED] - Thu Jul 1 12:52:19 2004]:
> Richard Levitte via RT wrote:
> > Well, that depends on what you mean with number of bits. Take a number
> > like 0x0432, how many bits does it have? You could view it as a word,
> > and say it has 16 bits, or you could look at it more closely, and find
> > out that it has 11 *significant* bits.
> >
> > BN_num_bits() counts significant bits.
>
> OK, now I get it...
>
> > Another way to find this out is to add the following line to your
> > program:
> >
> > printf ("The number: "); BN_print_fp(stdout, pPubKey); printf ("\n");
> >
> > Looking at the output, I counted 511 hex characters. 511 * 4 = 2044.
> >
> > I don't think this is a bug. If you want to know the size of pPubKey in
> > byte increments, use BN_num_bytes() and multiply with 8.
>
> I'd suggest to clarify the man page of 'BN_num_bits':
> People (such as me) are tempted to use 'BN_num_bits' to get the key size
> (class) of a private or public key, and expect that its size matches the
> size (class) of its counterpart (public or private key). With "size
> class" I mean 512, 1024, 2048 bit etc.
> Now what I experience is that the size of the public key that was
> generated from a given private key (e.g. with 'DH_generate_key') does
> not always match the size of the private key, which is confusing...

The bitsize of the public key is a popular, easy estimate for the hardness of
breaking a cryptosystem. For DH, it is rooted in the group size, which is
defined by a large modulus and a proper generator. So the estimate is the
bitsize of the modulus, as was pointed out already.

There was never any reason to expect the DH public value (that is, the
generator to the power of the DH secret) to be of the same bitsize. Modular
arithmetic would force the DH public value to be less than the modulus. I'd
like to stress that the sometimes confusing bitsize of that public value
can't be explained by the setting of top-value bits of the random bignumbers
generated: it's the result of exponentiation. It is the difficulty of the
discrete logarithm over the DH group that is related to the hardness of
choosing some DH secret key that would result in the proper bitsize of the
public value.

Regards,
Vadim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
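
The point of the thread, as an added example that is not part of the original messages and is not OpenSSL code: the key size class comes from the modulus, while the significant-bit count of g^x mod p varies with the secret. The helper names and the toy 32-bit parameters are constructed for illustration, and plain integers stand in for BIGNUMs.

```c
#include <stdint.h>
#include <stdio.h>

/* Significant bits, the way the thread describes BN_num_bits():
   0x0432 -> 11, leading zero bits are not counted. */
static int num_bits(uint64_t v) {
    int n = 0;
    while (v) { n++; v >>= 1; }
    return n;
}

/* Size rounded up to whole bytes, in the spirit of BN_num_bytes(). */
static int num_bytes(uint64_t v) { return (num_bits(v) + 7) / 8; }

/* Square-and-multiply g^x mod p; p < 2^32 keeps products inside 64 bits. */
static uint64_t dh_public(uint64_t g, uint64_t x, uint64_t p) {
    uint64_t r = 1 % p;
    g %= p;
    while (x) {
        if (x & 1) r = (r * g) % p;
        g = (g * g) % p;
        x >>= 1;
    }
    return r;
}

/* Constructed toy parameters (far too small for real use): p = 2^32 - 5. */
static const uint64_t TOY_P = 4294967291ULL;
static const uint64_t TOY_G = 2;

/* The "size class" of a DH key is the bit length of the modulus. */
static int dh_size_class(uint64_t p) { return num_bits(p); }

int main(void) {
    uint64_t secrets[] = { 5, 31, 32, 1000003 };  /* constructed sample secrets */
    printf("modulus: %d bits\n", dh_size_class(TOY_P));
    for (size_t i = 0; i < sizeof secrets / sizeof secrets[0]; i++) {
        uint64_t pub = dh_public(TOY_G, secrets[i], TOY_P);
        printf("x=%llu pub=0x%llx bits=%d bytes*8=%d\n",
               (unsigned long long)secrets[i], (unsigned long long)pub,
               num_bits(pub), num_bytes(pub) * 8);
    }
    return 0;
}
```

With these parameters the secret 32 yields the public value 5, which has 3 significant bits under a 32-bit modulus, so any size check has to be made against p.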