[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o
Ann
a.yousar at informatik.hu-berlin.de
Mon Dec 21 11:41:38 UTC 2015
Felix,
the real security hole is your key length.
For a key length greater 1024 p and q should never be identical. The
chance of p being not a prime is probably greater.
In case p=q the Euler function will be p(p-1), whereas OpenSSL uses
(p-1)(q-1) , i.e. (p-1)^2. In this case RSA, i.e. c:=m^e, m:=c^d, will
not work.
/Ann.
More information about the openssl-dev
mailing list