Re: forward secrecy in mixmaster
> This has been discussed extensively for Internet security reasons, and the
> Photuris folks decided to use a common modulus (actually, several with different
> lengths.) I think they chose a strong prime (form p = 2q+1, q prime),
> specifically to avoid small-prime attacks, though they may have decided
> that that was no longer necessary.
I assume from the last sentence that you know that the use of strong
primes is no longer advantageous but I will just reiterate it here
for the good of those writing code which implements strong primes:
Strong primes are no longer of any benefit for cryptographic
The elliptic curve method of factoring takes no longer to factor a
"strong" prime than it does for any other general number.
You may *SLIGHTLY* hinder progress if an attacker sieves first, but
as you should have done so when you created the primes in the first
place it won't be a problem because there won't be any small factors.
Implementing strong primes won't make your code any less secure, it
will just take longer to create the keys and won't gain you any
security; all the big boys are using elliptic curve factoring methods
now so you really have nothing to gain.
Datacomms Technologies web authoring and data security
Paul Bradley, [email protected]
"Don't forget to mount a scratch monkey"
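
An added illustration, not part of the original message or of Photuris: the p = 2q + 1 form mentioned in the quoted text, viewed as a Diffie-Hellman modulus, compared with a prime whose p - 1 has only small factors. The two toy primes and all function names are constructed for this example, and the receiver-side check assumes the generator lies in the order-q subgroup.

```python
# Added example. 227 and 211 are toy primes chosen for illustration only;
# real moduli are hundreds of digits long and need a probabilistic primality test.

def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def is_safe_prime(p):
    """True when p = 2q + 1 with both p and q prime."""
    return p % 2 == 1 and is_prime(p) and is_prime((p - 1) // 2)

def element_order(y, p):
    """Multiplicative order of y modulo the prime p (brute force)."""
    k, acc = 1, y % p
    while acc != 1:
        acc = acc * y % p
        k += 1
    return k

def subgroup_orders(p):
    """Every element order that occurs in the multiplicative group mod p."""
    return {element_order(y, p) for y in range(1, p)}

def smallest_nontrivial_order(p):
    """Smallest order above 2: the smallest subgroup a peer's value could sit in."""
    return min(o for o in subgroup_orders(p) if o > 2)

def valid_public_value(y, p):
    """Receiver-side check for a safe-prime modulus (assumption: the generator
    has order q): reject 0, 1 and p - 1, and require y**q == 1 (mod p)."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1

SAFE_P = 227    # constructed: 227 = 2*113 + 1, with 113 prime
PLAIN_P = 211   # constructed: 211 - 1 = 2*3*5*7

if __name__ == "__main__":
    for p in (SAFE_P, PLAIN_P):
        print(p, is_safe_prime(p), sorted(subgroup_orders(p)),
              smallest_nontrivial_order(p))
```

With the safe prime the only element orders are 1, 2, q and 2q, so a single exponentiation by q is enough to validate a received value; with the other prime, subgroups of order 3, 5 and 7 exist.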