Bruce Schneier (schneier@counterpane.com)
Sat, 16 May 1998 09:03:21 -0500
Isn't this nonsense? The modern factoring methods (NFS and its variants)
work much better than Pollard Rho, and don't care about these "strong prime"
characteristics. Why should I bother optimizing my primes against attacks
that are less efficient than attacks that don't care about my optimizations?
At 01:04 AM 5/16/98 -0400, Lewis McCarthy wrote:
>Joey Grasty wrote:
>> >TITLE: Another Test on RSA Keys
>> >
>> >AUTHOR: Jennifer Roma Seberry (Wallis)
>> > MSc, PhD, FIMA, FTICA, FACS, CMath, SMIEEE, MIACR, MACM
>[...]
>> >ABSTRACT: This is a general talk discussing the RSA algorithm and attacks
>> >against its keys. We show that a known test, which has not been noticed,
>> >means that about one quarter of the keys currently in use are vulnerable
>> >to attack.
>
>For more details, see http://www.cs.uwm.edu/cs/seminar/seberry.html
>which announces a talk Seberry gave on this in February:
>"Some New Pollard Rho's and Attacks for RSA". The talk abstract
>concludes:
> We conclude that a safe RSA prime p ``engineered'' to
> withstand all of the above attacks should have the following
> properties: i) p-1 should have a big factor, say t; ii) item p+1
> should have a big factor, say w; iii) t+1 should have a big factor;
> iv) t-1 should have a big factor; v) w+1 should have a big factor; vi)
> w-1 should have a big factor.
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590
http://www.counterpane.com
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:24 ADT