[12325] in cryptography@c2.net mail archive
Re: Key Pair Agreement?
daemon@ATHENA.MIT.EDU (Matt Crawford)
Tue Jan 21 11:53:08 2003
X-Original-To: cryptography@wasabisystems.com
Date: Tue, 21 Jan 2003 10:41:32 -0600
From: Matt Crawford <crawdad@fnal.gov>
In-reply-to: "20 Jan 2003 21:08:31 EST." <200301210208.h0L28Mj02804@sydney.East.Sun.COM>
To: radia.perlman@sun.com
Cc: cryptography@wasabisystems.com

> I can see how Alice can easily generate two primes whose product
> will have that *high* order part, but it seems hard to generate an
> RSA modulus with a specific *low* order 64 bits.

Is it? As long as the lowest bit is a 1, Alice just has to search
for one prime that ends with 63 0's and a 1 (she may keep one up her
sleeve) and the other prime ending with the specified bits. As long
as the length of each prime is much greater than 64 bits, I don't see
that this slows her down too badly.

Isn't this the reason why using the bottom 32 bits of a PGP RSA key
for a key id is subject to a user-confusion attack?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
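
The construction described in the message above, as an added example that is not part of the original post: since p ≡ 1 and q ≡ t (mod 2^64) give p·q ≡ t (mod 2^64), two ordinary prime searches fix the low 64 bits of the modulus. The function names, the 512-bit prime size, the seeded PRNG and the sample target are assumptions chosen for illustration.

```python
import random

K = 64                    # number of low-order modulus bits being fixed
MASK = (1 << K) - 1

def is_probable_prime(n, rounds=24, rng=random.Random(0)):
    """Miller-Rabin test preceded by trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:     # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def prime_with_low_bits(low, bits, rng):
    """Return a `bits`-bit probable prime p with p mod 2**64 == low."""
    if low % 2 == 0:
        raise ValueError("lowest bit must be 1: an odd prime cannot end in 0")
    while True:
        high = rng.getrandbits(bits - K) | (1 << (bits - K - 1))  # set top bit
        cand = (high << K) | low
        if is_probable_prime(cand):
            return cand

def modulus_with_low_bits(target, bits=512, seed=1):
    """n = p*q with n mod 2**64 == target, using the recipe from the post."""
    rng = random.Random(seed)  # seeded for reproducibility; keys need a CSPRNG
    p = prime_with_low_bits(1, bits, rng)              # 63 zero bits, then a 1
    q = prime_with_low_bits(target & MASK, bits, rng)  # ends in the target bits
    return p, q, p * q

if __name__ == "__main__":
    target = 0x0123456789ABCDEF  # constructed sample value (odd)
    p, q, n = modulus_with_low_bits(target)
    print(f"n has {n.bit_length()} bits, n mod 2^64 = {n & MASK:#018x}")
```

Each search costs about the same as ordinary prime generation, so an identifier taken from the low bits of a modulus does not bind to a single key; compare a hash over the full public key instead.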