[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Photuris Primality verification needed

"William Allen Simpson" writes:
> Folks, I was somewhat disappointed in the response to our previous
> requests for verification of the strength of the prime moduli.
> Recently, someone asked for a smaller prime of only 512-bits for speed.
> This is more than enough for the strength of keys needed for DES, 3DES,
> MD5 and SHA.  Perhaps this would be easier to have more complete and
> robust verification as well.

I think that this is a very large mistake. Allow me to explain why.

La Macchia (sp?) and Odlyzko (sp?) have a very nice result which shows
that once you've done enough precalculation on a particular modulus,
you can break any subsequent Diffie-Hellman operation performed on
that modulus with (for our purposes) no effort. 512 bits is, from what
I can tell, not far out of the realm of possibility for what someone
could try to crack with current machines given enough effort.

[Sorry about the spelling. I'm tired, and don't have time to look up
your names. I know that Brian at least reads this list and I'm sorry
about likely misspelling your name.]