Re: DH:secure Prime & RndNum Sizes for key generation?

Anonymous (nobodyreplay.com)
Tue, 28 Sep 1999 09:28:16 +0200 (CEST)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Mok-Kong Shen: "Re: Electronic envelopes"
• Previous message: jeromepsti.com: "Re: Electronic envelopes"
• In reply to: Coda Hale: "Re: Electronic envelopes"

> Actually, who needs to generate them when the works already been done?
> The primes can be publicly known, they do not need to be kept secret,
> so might as well hard-code them in.
> I went to this address:
> http://www.utm.edu/research/primes/largest.html
> They have a searchable database and I found a prime of exactly the
> number of digits I need in a couple of minutes. :-) Yes, they even have
> 16,000 bit primes. :-)

Yes, those should be OK. Use a Sophie Germain prime (actually use 2p+1
where p is the Sophie Germain prime). Then use a generator with order p.
Every generator (except 1 and 2p) will have order p or 2p, half with each.
Try a random value for g and compute g^p mod (2p+1). You want the result
to be 1. If it isn't (it will be 2p then) pick another g and try again.

Such g's have the advantage that they don't leak the low order bit of x
from g^x. Of course they do "leak" the high order bit of x, because x
has to be one bit less with such g's so the high order bit is always zero.
But that doesn't matter very much the way these things are usually used.

• Next message: Mok-Kong Shen: "Re: Electronic envelopes"
• Previous message: jeromepsti.com: "Re: Electronic envelopes"
• In reply to: Coda Hale: "Re: Electronic envelopes"

This archive was generated by hypermail 2.0b3 on Tue Sep 28 1999 - 05:08:35 CDT