[ Quoting <spa...@countryday.net> at 04:07 on Mar 7 in "RE: fermat primes an..." ] > > I would recommend that dnssec-keygen starts ignoring the "-e" parameter > > that everyone has put in their scripts to prevent exponent 3 keys, who are > > not getting keys with exponent 4294967296 + 1 (F5) > > > Alternatively, if this is done on purpose, I guess we should all migrate > > the 64 bit machines :) > > This is interesting, if I correctly understand your point, but it appears > that dnssec-keygen computes F5 differently than you do in your example in > http://code.google.com/p/go/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Status%20Stars%20Priority%20Owner%20Reporter%20Summary&groupby=&sort=&id=3161. > > In your example: > pubkey := new(rsa.PublicKey) > pubkey.N = big.NewInt(0) > pubkey.E = 4294967296 + 1 > which results in 32-bit integer overflow. > > In bind-9.9.0/lib/dns/opensslrsa_link.c, starting at line 750: > if (exp == 0) { > /* RSA_F4 0x10001 */ > BN_set_bit(e, 0); > BN_set_bit(e, 16); > } else { > /* F5 0x100000001 */ > BN_set_bit(e, 0); > BN_set_bit(e, 32); > }
Its not about integer overflow, it's about the fact that F5 does not add to the security, but does use up a lot of CPU cycles. grtz Miek
signature.asc
Description: Digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
