Weak DH primes and openssh
Damien Miller
djm at mindrot.org
Sat May 23 20:16:04 AEST 2015
On Fri, 22 May 2015, Daniel Kahn Gillmor wrote:
> PS Darren, has there been any attempt at generating primality proofs for
> the values in ./moduli, as opposed to 100 rounds of Miller-Rabin? It
> would be a shame for a pseudoprime to slip in, however unlikely that
> would be.
I looked at it a few years ago, but couldn't figure out a way to
generate provable safe primes. I'd love someone to get this working.
AFAIK the number of Miller-Rabin tests we do is many times more than
OpenSSL's baseline BN_is_prime() false positive rate of 2^-80.
-d