[pycrypto] ANN: PyCrypto 2.1.0 alpha 2 released and Bug #408660

don at amberfisharts.com
Tue Oct 20 05:03:23 CST 2009

Hi Dwayne,

thanks for the work you put into pycrypto. I appreciate it.
You asked for some feedback. So here it goes:
 * I don't use too many features. Just RSA (sign, verify, en-/decrypt) 
   and AES (en-/decrypt in CBC mode)
 * Those features seem to work.
 * No build problems
 * My system is an Intel Core2 Duo with Gentoo (~amd64) installed
 * If anything I would ask for better documentation.
Not much else I can say right now.

You also asked for help with bug #408660 [1]. Well, I read through the paper 
you recommended there [2] but I don't get a crucial point.
I have to admit that I am no cryptographer by any means. But still here goes 
my question.
The criterion that the bug says is missing from the current implementation 
is §1 (1): 
"If e, the public exponent is odd, then e shall be relatively prime 
to p-1 and q-1."
Then the critical part in the paper is in §2.3 the last sentence.
"One also sieves the public exponent e at this time, so that candidates p 
with e|p-1 are also removed."
Does this mean that by sieving out multiples of e one eliminates candidates p 
with e|p-1? I don't see how this is possible so either
   a) that's not what the author is saying,
   b) the author is mistaken
or c) I don't get it.
I would think that one would have to remove all candidates p with p mod e = 1.
Because p mod e = 1 means p = x*e + 1 and then p-1 = x*e so e|p-1, right?
What do you (or anybody else) think?

Beside this crucial question (which after all was all the initial bug report 
was about) I have gone ahead and implemented a C-function getStrongPrime() 
which implements the method described in that paper [2].
I will clean up the code later today and send it in for review.

sincerely yours,

[1] https://bugs.launchpad.net/pycrypto/+bug/408660
[2] http://citeseerx.ist.psu.edu/viewdoc/download?doi=
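An added worked example for the sieving question above (my own illustration, not code from PyCrypto or from the paper): it applies both readings of the §2.3 sieve, "drop multiples of e" and "drop p with p mod e = 1", to a constructed pool of small primes and checks each survivor against the §1 (1) criterion gcd(e, p-1) = 1; the last function shows why that criterion matters, since the private exponent d exists only when e is invertible modulo (p-1)(q-1). The toy exponents e = 3 and e = 15 are assumptions for illustration (real keys use e = 65537); e = 15 goes beyond the post by showing that for composite e the gcd form catches cases the p mod e = 1 test alone does not.

```python
from math import gcd

def small_primes(lo, hi):
    """Constructed candidate pool: primes in [lo, hi), found by trial division."""
    return [n for n in range(lo, hi)
            if n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))]

def sieve_multiples_of_e(candidates, e):
    """Reading (a) of §2.3: drop candidates that are multiples of e."""
    return [p for p in candidates if p % e != 0]

def sieve_residue_one(candidates, e):
    """The poster's proposal: drop candidates p with p mod e == 1, i.e. e | p-1."""
    return [p for p in candidates if p % e != 1]

def meets_criterion(p, e):
    """The §1 (1) criterion itself: e must be relatively prime to p-1."""
    return gcd(e, p - 1) == 1

def survivors_failing(sieve, candidates, e):
    """Candidates a sieve keeps although they violate gcd(e, p-1) = 1."""
    return [p for p in sieve(candidates, e) if not meets_criterion(p, e)]

def rsa_private_exponent(p, q, e):
    """d = e^-1 mod (p-1)(q-1), or None when no inverse exists (gcd != 1)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        return None
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)

if __name__ == "__main__":
    cands = small_primes(5, 100)
    for e in (3, 15):  # toy exponents; real keys use e = 65537
        print("e =", e,
              "kept by multiples-sieve but bad:", survivors_failing(sieve_multiples_of_e, cands, e),
              "kept by residue-one sieve but bad:", survivors_failing(sieve_residue_one, cands, e))
    # p = 7 violates the criterion for e = 3 (gcd(3, 6) = 3), so no d exists
    print(rsa_private_exponent(7, 11, 3), rsa_private_exponent(11, 17, 3))
```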
