On Sat May 1 2010, PMHager wrote:
> On Friday, April 30, 2010 19:22 Stephan Müller wrote:
> > I am not sure but "BN_generate_prime_ex" sounds like it generates
> > (pseudo)primes. So you have with _very high_ probability gcd(C,N) = 1
> > for all N.
>
> If the security of an algorithm relies on C and N to be relatively
> prime, then a very high probability is not sufficient.
>
Think about that statement a bit - Those very large numbers are called _pseudo_ primes for a reason. Because there is no known __practical__ method for proving they are prime. If that could be proven, then "pseudo" would not be a qualifier in their descriptive name.

Finding X in gcd(C,N) = X, where X != 1 is the same "prime proving" problem. Or, perhaps better said: "proving it is not prime".

Until you can tell the world of a __practical__ method of proving the above; then "very high probability" is all you get to work with. "Presumed unsolvable" is the case here, at least until you publish.

Live with it or pick a different algorithm.

Mike

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
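
Added example, not part of the thread and not OpenSSL code: whatever the primality status of C, the condition gcd(C,N) = 1 discussed above can be checked directly for each N with Euclid's algorithm. The Miller-Rabin generator here is a stand-in for a probable-prime generator such as BN_generate_prime_ex; all function names and sample values are constructed for illustration.

```python
import math
import random

def is_probable_prime(n, rounds=40, rng=random):
    """Miller-Rabin: True means 'prime with very high probability'."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:              # write n - 1 as d * 2^s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False           # a is a witness: n is certainly composite
    return True

def generate_probable_prime(bits, rng):
    """Hypothetical stand-in for a generator such as BN_generate_prime_ex."""
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(c, rng=rng):
            return c

def check_coprime(c, n):
    """Return (ok, g): g = gcd(c, n) by Euclid; ok is True only when g == 1."""
    g = math.gcd(c, n)
    return g == 1, g

if __name__ == "__main__":
    rng = random.Random(2010)            # constructed fixed seed, repeatable run
    c = generate_probable_prime(256, rng)
    n_good = c + 2                       # constructed N, coprime to the odd c
    n_bad = c * 0x10001                  # constructed N sharing the factor c
    for n in (n_good, n_bad):
        ok, g = check_coprime(c, n)
        print("coprime" if ok else f"REJECT: shared factor of {g.bit_length()} bits")
```
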