[18314] in cryptography@c2.net mail archive


Re: Fwd: Tor security advisory: DH handshake flaw

daemon@ATHENA.MIT.EDU (Ben Laurie)
Sun Aug 28 10:14:37 2005

X-Original-To: cryptography@metzdowd.com
Date: Sun, 28 Aug 2005 13:40:42 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: astiglic@okiok.com
Cc: cryptography@metzdowd.com
In-Reply-To: <44451.207.236.193.195.1125072415.squirrel@mail.okiok.com>

astiglic@okiok.com wrote:
> So Miller-Rabin is good for testing random candidates, but it is easy to
> maliciously construct an n that passes several rounds of Miller-Rabin.  

Interesting! So how does one go about constructing such an n?

> Maurer’s method doesn’t pick and test random candidates, rather it
> constructs, in a special way, an integer that is guaranteed to be prime.
> Don’t be concerned about secrecy of prime generated with Maurer’s method,
> the method generates primes that are almost uniformly distributed over the
> set of all numbers (this is different from another algorithm called
> Shawe-Taylor, which is similar in functioning but only reaches 10% of all
> primes of a specified set).

I presume you mean densely distributed over the set of all primes? 
Uniform distribution isn't much use if it's sparse!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
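The exchange above contrasts two approaches: probabilistic testing of random candidates (Miller-Rabin, where the worry is an adversarially chosen n) and constructive generation of a provable prime (Maurer's method). The following is an added example, not code from the thread or from the Tor project, written from the defender's side: a Miller-Rabin test that draws its bases at random so a candidate cannot be tailored to a fixed base set, and a simplified Maurer-style construction (fixed relative size r = 1/2, as in the Handbook of Applied Cryptography's description; the base case, bit-length bookkeeping and the `rng` parameter are this example's own choices) that returns a prime together with a Pocklington witness proving it. It relies only on the Python standard library.

```python
import math
import secrets


def _small_primes(limit):
    """Sieve of Eratosthenes; used for trial division and the base case."""
    flags = [True] * (limit + 1)
    flags[0] = flags[1] = False
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            for j in range(i * i, limit + 1, i):
                flags[j] = False
    return [i for i, f in enumerate(flags) if f]


SMALL_PRIMES = _small_primes(2000)


def is_prime_by_trial_division(n):
    """Deterministic primality for n < 2000**2 (enough for the base case)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if p * p > n:
            return True
        if n % p == 0:
            return n == p
    raise ValueError("n too large for trial division")


def miller_rabin(n, rounds=20, rng=secrets.randbelow):
    """Probabilistic test with bases chosen at random per call.

    Random bases are the standard defence against an n constructed to fool a
    fixed list of bases; the error bound for a composite is at most 4**-rounds.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES[:20]:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + rng(n - 3)  # uniform base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is definitely composite
    return True


def pocklington_holds(n, q, R, a):
    """Pocklington's theorem for n = 2*R*q + 1 with q prime and (q+1)**2 > n.

    If a**(n-1) == 1 (mod n) and gcd(a**(2R) - 1, n) == 1, every prime factor
    of n is congruent to 1 mod q, so a composite n would be >= (q+1)**2.
    """
    return (q + 1) ** 2 > n and pow(a, n - 1, n) == 1 \
        and math.gcd(pow(a, 2 * R, n) - 1, n) == 1


def maurer_provable_prime(k, rng=secrets.randbelow):
    """Return (n, certificate) for a k-bit prime n (k >= 2).

    certificate is None for the trial-division base case, otherwise the
    tuple (q, R, a) that makes pocklington_holds(n, q, R, a) true.
    """
    if k < 2:
        raise ValueError("k must be at least 2")
    if k <= 20:
        while True:
            n = (1 << (k - 1)) | rng(1 << (k - 1)) | 1
            if is_prime_by_trial_division(n):
                return n, None
    # Recursively build q with a little more than k/2 bits so that
    # q**2 >= 2**k > n, which is what Pocklington needs.
    q, _ = maurer_provable_prime((k + 1) // 2 + 1, rng)
    lo = -(-((1 << (k - 1)) - 1) // (2 * q))  # ceil: n >= 2**(k-1)
    hi = ((1 << k) - 2) // (2 * q)            # floor: n < 2**k
    while True:
        R = lo + rng(hi - lo + 1)
        n = 2 * R * q + 1
        if any(n % p == 0 for p in SMALL_PRIMES):
            continue
        a = 2 + rng(n - 3)
        if pocklington_holds(n, q, R, a):
            return n, (q, R, a)
        # Either a Fermat witness (n composite) or an unlucky a; draw a new R.


if __name__ == "__main__":
    n, cert = maurer_provable_prime(128)
    print(n, n.bit_length(), cert is not None, miller_rabin(n))
```

The certificate is the practical difference between the two approaches: a Miller-Rabin "probably prime" verdict can only be re-checked by running more rounds, whereas `(q, R, a)` lets anyone re-verify the proof with one `pocklington_holds` call (plus the same check recursively for q).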
