[pycrypto] ANN: PyCrypto 2.1.0 alpha 2 released and Bug #408660
don at amberfisharts.com
Tue Oct 20 05:03:23 CST 2009
Hi Dwayne,
thanks for the work you put into pycrypto. I appreciate it.
You asked for some feedback. So here it goes:
* I don't use too many features. Just RSA (sign, verify, en-/decrypt)
and AES (en-/decrypt in CBC mode)
* Those features seem to work.
* No build problems
* My system is an Intel Core2 Duo with Gentoo (~amd64) installed
* If anything I would ask for better documentation.
Not much else I can say right now.
You also asked for help with bug #408660 [1]. Well, I read through the paper
you recommended there [2] but I don't get a crucial point.
I have to admit that I am no cryptographer by any means. But still here goes
my question.
The criterion that the bug says is missing from the current implementation
is §1 (1):
"If e, the public exponent is odd, then e shall be relatively prime
to p-1 and q-1."
Then the critical part in the paper is in §2.3 the last sentence.
"One also sieves the public exponent e at this time, so that candidates p
with e|p-1 are also removed."
Does this mean that by sieving out multiples of e one eliminates candidates p
with e|p-1? I don't see how this is possible so either
a) that's not what the author is saying,
b) the author is mistaken
or c) I don't get it.
I would think that one would have to remove all candidates p with p mod e = 1,
because p mod e = 1 means p = x*e + 1 and then p-1 = x*e so e|p-1, right?
What do you (or anybody else) think?
Beside this crucial question (which after all was all the initial bug report
was about) I have gone ahead and implemented a C-function getStrongPrime()
which implements the method described in that paper [2].
I will clean up the code later today and send it in for review.
sincerely yours,
Lorenz
[1] https://bugs.launchpad.net/pycrypto/+bug/408660
[2] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.2713&rep=rep1&type=pdf
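The sieve step the message asks about, as an added Python example (not PyCrypto code and not the poster's C function): candidates with p mod e = 1 are rejected, which is exactly the set with e | p-1, and a candidate such as 103 with e = 17 shows why sieving multiples of e would not catch them. The small-prime table, the interval size and the simplified Miller-Rabin test are my own assumptions.

```python
import math
import random

# Small odd primes for trial-division sieving; candidates are assumed larger.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61]

def e_divides_p_minus_1(e, p):
    """e | p-1 holds exactly when p == 1 (mod e); this is the sieve test."""
    return p % e == 1

def sieve_candidates(start, count, e):
    """Sieve `count` odd candidates start, start+2, ...: drop those with a
    small prime factor and those with p == 1 (mod e), since then e | p-1.
    Dropping multiples of e would not do this: p = x*e + 1 is never one."""
    keep = []
    for p in range(start | 1, (start | 1) + 2 * count, 2):
        if any(p % sp == 0 for sp in SMALL_PRIMES):
            continue
        if e_divides_p_minus_1(e, p):
            continue
        keep.append(p)
    return keep

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probable-prime test for odd n > 3 (assumed here)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def prime_with_p_minus_1_coprime_to_e(bits, e):
    """Random `bits`-bit prime p with gcd(e, p-1) == 1.  For prime e the
    sieve already guarantees it; the gcd check also covers composite e."""
    while True:
        start = random.SystemRandom().getrandbits(bits) | (1 << (bits - 1)) | 1
        for p in sieve_candidates(start, 4096, e):
            if is_probable_prime(p) and math.gcd(e, p - 1) == 1:
                return p
```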