[18347] in cryptography@c2.net mail archive


Re: Fwd: Tor security advisory: DH handshake flaw

daemon@ATHENA.MIT.EDU (Werner Koch)
Wed Aug 31 08:54:26 2005

X-Original-To: cryptography@metzdowd.com
To: Simon Josefsson <jas@extundo.com>
Cc: Ben Laurie <ben@algroup.co.uk>, cryptography@metzdowd.com,
	astiglic@okiok.com
From: Werner Koch <wk@gnupg.org>
Date: Wed, 31 Aug 2005 07:46:10 +0200
In-Reply-To: <iluslws21y8.fsf@latte.josefsson.org> (Simon Josefsson's
 message of "Mon, 29 Aug 2005 17:32:47 +0200")

On Mon, 29 Aug 2005 17:32:47 +0200, Simon Josefsson said:

> which are Fermat pseudoprime in every base.  Some applications,
> e.g. Libgcrypt used by GnuPG, use Fermat tests, so if you have control
> of the random number generator, I believe you could make GnuPG believe
> it has found a prime when it only found a Carmichael number.

5 Rabin-Miller tests using random bases are run after a passed Fermat
test.


Salam-Shalom,

   Werner
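Added illustration (not from this thread, from Libgcrypt or from GnuPG): why a Fermat test alone is fooled by a Carmichael number such as 561 = 3 * 11 * 17, and why the Rabin-Miller rounds Werner mentions are what actually rejects it. The Fermat step is assumed to use base 2 and the Rabin-Miller step five bases drawn from the RNG; base 50 is shown as a constructed example of a "strong liar" that a base-choosing RNG would have to hit on every round.

```python
import random
from math import gcd

CARMICHAEL = 561  # constructed example: the smallest Carmichael number


def fermat_test(n: int, a: int) -> bool:
    """Fermat test to base a: a^(n-1) == 1 (mod n).  A Carmichael
    number passes this for every base coprime to n, so no choice of
    base can separate it from a prime."""
    return pow(a, n - 1, n) == 1


def miller_rabin(n: int, bases) -> bool:
    """Rabin-Miller test to each base in `bases`.  Writes n-1 = 2^s * d
    with d odd and checks that a^d, a^(2d), ... reaches 1 only via -1.
    Returns False as soon as one base is a witness for compositeness."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue  # a is a strong liar (or a genuine prime residue)
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # never hit -1 before 1: a is a witness
    return True


def is_probable_prime(n: int, rounds: int = 5, rng=random.SystemRandom()) -> bool:
    """Order of tests described in the reply (assumed parameters):
    one Fermat test, then `rounds` Rabin-Miller tests with RNG bases."""
    if n < 4:
        return n in (2, 3)
    if not fermat_test(n, 2):
        return False
    return miller_rabin(n, [rng.randrange(2, n - 1) for _ in range(rounds)])


def fermat_liars(n: int):
    """Bases coprime to n that pass the Fermat test (all of them for 561)."""
    return [a for a in range(1, n) if gcd(a, n) == 1 and fermat_test(n, a)]


def strong_liars(n: int):
    """Bases that pass a single Rabin-Miller round; at most phi(n)/4 exist
    for an odd composite n > 9, which is why random bases work."""
    return [a for a in range(1, n) if miller_rabin(n, [a])]
```

For 561 every one of the 320 coprime bases is a Fermat liar, while a single Rabin-Miller round to base 2 already proves it composite; only an RNG steered onto the handful of strong liars (50 is one) for all five rounds would get it through.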




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
