> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Patrick Patterson
> Sent: Thursday, July 17, 2008 8:04 AM
> To: openssl-users@openssl.org
> Subject: Re: Prime number generation on FreeBSD-sparc64
>
>
> On July 17, 2008 10:48:51 am Yuliya Shulman wrote:
> > I'm not using OpenSSL to generate the list of primes. OpenSSL is using
> > it in the following path:
> >
> > RSA_generate_key() - in rsa_depr.c
> > RSA_generate_key_ex() in rsa_gen.c
> > rsa_builtin_keygen() in rsa_gen.c
> > BN_generate_prime_ex() in prime.c
> > BN_is_prime_fasttest_ex() in bn_prime.c
> >
> That's probably exactly what you should be doing.
>
> Since the table of primes previously mentioned tops out at around 30bit primes
> (and there are 50 Million of those)... and modern cryptography suggests at
> least 4096 bit primes, you are completely doing the right thing by not using
> a table.

ONLY IF he's using LARGE primes. He hasn't said if he is or not. Meaning, in the algorithm cited, he would be requesting much larger than a 64 bit prime.

He's actually been extremely coy about what exactly he is doing, and has just let us make assumptions. :-) Nor did he respond to my statement challenging whether he is generating small primes or not. :-) Which is why I warned him about it.

The only thing he's said is that openssl is using the primes, during a key generation of some kind, so we can assume it's some kind of crypto app. You're assuming he is generating large keys, but he has not given any indication that he is, in fact, doing this.

> (Just to make it clear - an application using those tables would be
> trivially crackable - and not just by reverse engineering the code :)
>

As would an application that was using a small key, randomly generated though it might be.

If he IS in fact running some app that uses insecure, small keys, then it's pointless to generate primes when he can randomly select from a table of them. Either way, the "security" in the application is "feel good" and does nothing towards making the app actually secure.

Ted
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]