[openssl-dev] common factors in (p-1) and (q-1)

[Blumenthal, Uri - 0553 - MITLL]

I hear you. Let me discuss this with‎ my colleagues, and get back to the list if they see good reasons to add this check.

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
From: Bill Cox
Sent: Friday, July 31, 2015 20:09
To: openssl-dev at openssl.org
Reply To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] common factors in (p-1) and (q-1)

On Fri, Jul 31, 2015 at 4:43 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
I think adding the recommended check would be beneficial. Considering the frequency of ‎key generation, performance impact shouldn't matter all that much. 

Samuel's argument above is one I've heard before from Thomas Porin, which is why I was not recommending we do or do not do this check.  I was just estimating the performance hit.

I personally have not gone over the paper Samuel linked to other than to read the abstract.  However, assuming the paper's claims are correct, which seems to be backed up by these two fine cryptography experts, I think the additional check would do more harm than good.

Bill 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150801/a836673c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150801/a836673c/attachment-0001.bin>