[pycrypto] Bug in Crypto.PublicKey.RSA?
Dwayne C. Litzenberger
dlitz at dlitz.net
Wed Sep 17 20:19:02 CST 2008
On Tue, Sep 09, 2008 at 08:24:05AM -0400, Dwayne C. Litzenberger wrote:
>> >>> keysize=368
>> >>> privkeyA = RSA.generate(keysize, rpool.get_bytes)
>> [ finishes in close to zero time ]
>> >>> keysize=369
>> >>> privkeyA = RSA.generate(keysize, rpool.get_bytes)
>> Hangs forever.... well at least 10's of minutes.
>
> I filed a bug report:
>
> https://bugs.launchpad.net/pycrypto/+bug/268101
Fixed in http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.0.x.git;a=commitdiff;h=23dcc92f8edaf1e0ec76e1a4c31d950546c005fa
The problem is that you're trying to generate odd-length RSA keys. The offending code was:
while number.size(p*q) < bits:
p = pubkey.getPrime(bits/2, randfunc)
q = pubkey.getPrime(bits/2, randfunc)
I replaced it with:
while number.size(p*q) < bits:
p = pubkey.getPrime(bits/2, randfunc)
q = pubkey.getPrime(bits - (bits/2), randfunc)
However, notice that factoring n = p*q (and therefore breaking the RSA key)
isn't any harder with a 369-bit key as it is with a 368-bit key, because even
though q is now 185 bits long, p is still 184 bits.
So although I fixed this bug to prevent the infinite loop, you don't have any
reason to use odd-length RSA keys.
--
Dwayne C. Litzenberger <dlitz at dlitz.net>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20080917/f5055788/attachment.pgp
More information about the pycrypto
mailing list