[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 1024 limit...



Perry E. Metzger writes:
 > >- Number of bits allowed when generating keys limited to 1024, in line
 > >  with the limits in RSAREF and BSAFE.  It used to be higher, but
 > >  folks, if you think you need a key larger than that, do some research
 > >  into the complexity of factoring.
 > 
 > I'm sure patches to fix this bit of fascism will show up soon.

No sooner said... Ahem. The patches to both PGP 2.5 and RSAREF 2.0 are
both obscenely trivial, actually, with the exception of the bug fix (!)
to idea.c, which was obtained mere minutes after my bug report
courtesy of [email protected] himself.

Should elegance be demanded, crypto.c and language.txt should both be
patched to mention the new upper limit. With MAX_RSA_MODULUS_BITS out
of the way, MAX_BIT_PRECISION is the next hard upper limit, defined as
1280 bits. There isn't any glaring reason not to increase that
constant as well... However, my goal for the nonce was to grandfather
old 1024+ keys.  I don't see much point nowadays in generating a new
key that a thousand other "stock" PGP users won't be able to utilize.

In accordance with the terms of the RSAREF 2.0 license agreement, I am
providing a copy of this modification by electronic mail (note CC:);
they may have a perpetual, royalty-free license to the three bytes I
changed :-)

nathan


Patches to PGP 2.5:
-------------------

*** keymgmt.c.dist	Sat May  7 21:15:18 1994
--- keymgmt.c	Mon May  9 13:06:54 1994
***************
*** 2618,2625 ****
--- 2618,2630 ----
  #ifndef DEBUG
  	/* minimum RSA keysize: */
  	if (keybits < 384) keybits=384;
+ #ifdef FASCIST
  	if (keybits > 1024)
  		keybits = 1024;
+ #else
+ 	if (keybits > MAX_BIT_PRECISION)
+ 		keybits = MAX_BIT_PRECISION;
+ #endif
  #else
  	if (keybits > MAX_BIT_PRECISION)
  		keybits = MAX_BIT_PRECISION;

*** idea.c.orig	Sun May  8 21:18:59 1994
--- idea.c	Tue May 10 14:22:48 1994
***************
*** 446,452 ****
  	int bufleft = context->bufleft;

  	if (bufleft) {
! 		memcpy(context->iv+bufleft, context->iv, 8-bufleft);
  		memcpy(context->iv, context->oldcipher+8-bufleft, bufleft);
  		context->bufleft = 0;
  	}
--- 446,452 ----
  	int bufleft = context->bufleft;

  	if (bufleft) {
! 		memmove(context->iv+bufleft, context->iv, 8-bufleft);
  		memcpy(context->iv, context->oldcipher+8-bufleft, bufleft);
  		context->bufleft = 0;
  	}


Patches to RSAREF 2.0:
----------------------

*** rsaref.h.dist	Fri Mar 25 14:01:49 1994
--- rsaref.h	Mon May  9 12:49:59 1994
***************
*** 31,37 ****
  /* RSA key lengths.
   */
  #define MIN_RSA_MODULUS_BITS 508
! #define MAX_RSA_MODULUS_BITS 1024
  #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
  #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
  #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8)
--- 31,37 ----
  /* RSA key lengths.
   */
  #define MIN_RSA_MODULUS_BITS 508
! #define MAX_RSA_MODULUS_BITS 2048
  #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
  #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
  #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8)