[16002] in cryptography@c2.net mail archive
Re: Cryptography and the Open Source Security Debate
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Aug 25 15:46:19 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 25 Aug 2004 15:17:15 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: lrk <crypto@ovillatx.sytes.net>
Cc: Jon Callas <jon@callas.org>, cryptography@metzdowd.com
In-Reply-To: <20040823210232.GA269@ovillatx.sytes.net>
lrk wrote:
> On Thu, Aug 12, 2004 at 03:27:07PM -0700, Jon Callas wrote:
>
>>On 10 Aug 2004, at 5:16 AM, John Kelsey wrote:
>>
>>
>>>So, how many people on this list have actually looked at the PGP key
>>>generation code in any depth? Open source makes it possible for
>>>people to look for security holes, but it sure doesn't guarantee that
>>>anyone will do so, especially anyone who's at all good at it.
>>
>>Incidentally, none of the issues that lrk brought up (RSA key being
>>made from an "easy to factor" composite, a symmetric key that is a weak
>>key, etc.) are unique to PGP.
>
>
> Yep. And I know that. But as my hair turns grey, I make more simple mistakes
> and catch fewer of them.
>
>
> Looks like we are batting zero here. I have seen no responses nor received
> off-list e-mail from anyone admitting to examining the open source for holes.
>
>
> My examination of RSAREF and OpenSSL code was more toward understanding how
> they handled big numbers. It appears both generate prime numbers which are
> half the length of the required N and with both of the two most significant
> bits set to one. This means the ratio R=P/Q (P being the larger prime) is
> limited to 1<R<(4/3). The actual maximum R is less and can be determined
> by examining N.
This doesn't sound right to me - OpenSSL, IIRC, sets the top and bottom
bits to 1. Of course, all large primes have the bottom bit set to one.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
