Re: generating weak primes

Anonymous (nobody@replay.com)
Sun, 29 Mar 1998 09:15:07 +0200 (MET DST)

• Next message: Stephen Zander: "Re: Export Strong Crypto (was: reference)"
• Previous message: Alex Alten: "Re: key escrow"
• In reply to: Lewis McCarthy: "Re: key escrow"

hamdi.tounsi@ati.tn asked

> sorry if my question seems strange ! i just wanna generate WEAK large
> primes !! this implies : what are special forms easily factored, and by
> which algorithms ?

hal@rain.org answered

> As most people know, primes can't be factored. So I assume that what
> you really want is to generate a product of two large primes where it
> superficially looks like it will be hard to factor, but in fact it turns
> out to be easy.

> The first thing to realize is that it is very hard to do this without
> getting caught. Although you can choose weak primes so that an attacker
> could factor the product with some algorithm, you can't credibly claim
> that you didn't know your primes were weak. ...

But factoring a number is not the same for all observers.

If you write the prime-generator, and users evaluate it using only the
output, they will produce values of n=p.q factorable by you (but not
by others).

No 'weak primes' are used, but the overall scheme has the weakness that
the implementor can determine your primes by performing factorisation of
_half_ the size of your modulus.

• Next message: Stephen Zander: "Re: Export Strong Crypto (was: reference)"
• Previous message: Alex Alten: "Re: key escrow"
• In reply to: Lewis McCarthy: "Re: key escrow"