Email and privacy


[ Follow Ups ] [ Post Followup ] [ Supreme Law Firm Discussion Forum ] [ FAQ ]

Posted by Two Cities on September 26, 1997 at 14:56:20:

FYI
**************************************************
Since I am new to this, perhaps someone could provide
some answers to the following PGP and RSA security
concern of mine.

The source code for both PGP and RSA suggests that
the two most significant bits are set by default when
selecting the constituent primes (p,q) for the generation of
the modulus (m). For an n-bit m, p and q both start out
as members of the range 75% 2^(n/2) to 99.9999...% 2^(n/2).

The resulting return value of m is thus confined to
56.25% 2^n to 99.9999...% 2^n, and supposedly factoring is
hard.

However, for return values of the modulus at the extremes of
the available range, only a limited range of target candidate
primes are worthy of consideration.

I.e. the factorization of approx. 56.25% 2^n is by neccessity of
construction approx. 75% 2^(n/2) and some other number in close
proximity. No other inputs need to be considered. Since the
remaining bits are assigned 'randomly', a significant statistical
sample of modulus, will therefore fall close to the extremes of
the possible range, and can be identified by sight, as potentially
weak keys, and my conclusion is that not all keys are created
equal.

Worse than the above somewhat technical discussion, is the
notion that what I wrote could have merit, and that it was
pointed out by a novice. Do tell me that I am wrong.

Posted to alt.security.pgp




Follow Ups:



Post a Followup

Name:
E-Mail:

Subject:

Comments:

Optional Link URL:
Link Title:
Optional Image URL:


[ Follow Ups ] [ Post Followup ] [ Supreme Law Firm Discussion Forum ] [ FAQ ]