Fix generation of one-bit-short RSA keys.
I carefully tested commit 801ab68ea's rewrite of invent_firstbits in every way I could think of to ensure that I really was generating two values whose product was at least 'minproduct'. But unfortunately the value of 'minproduct' itself was off by a factor of two, which made the entire system pointless!
This commit is contained in:
parent
6ce6fe5712
commit
582284fa6c
@ -382,7 +382,7 @@ static inline unsigned firstbits_b_min(
|
|||||||
unsigned a, unsigned lo, unsigned hi, unsigned min_separation)
|
unsigned a, unsigned lo, unsigned hi, unsigned min_separation)
|
||||||
{
|
{
|
||||||
/* To get a large enough product, b must be at least this much */
|
/* To get a large enough product, b must be at least this much */
|
||||||
unsigned b_min = (lo*lo + a - 1) / a;
|
unsigned b_min = (2*lo*lo + a - 1) / a;
|
||||||
/* Now enforce a<b, optionally with minimum separation */
|
/* Now enforce a<b, optionally with minimum separation */
|
||||||
if (b_min < a + min_separation)
|
if (b_min < a + min_separation)
|
||||||
b_min = a + min_separation;
|
b_min = a + min_separation;
|
||||||
@ -397,7 +397,7 @@ void invent_firstbits(unsigned *one, unsigned *two, unsigned min_separation)
|
|||||||
/*
|
/*
|
||||||
* We'll pick 12 initial bits (number selected at random) for each
|
* We'll pick 12 initial bits (number selected at random) for each
|
||||||
* prime, not counting the leading 1. So we want to return two
|
* prime, not counting the leading 1. So we want to return two
|
||||||
* values in the range [2^12,2^13) whose product is at least 2^24.
|
* values in the range [2^12,2^13) whose product is at least 2^25.
|
||||||
*
|
*
|
||||||
* Strategy: count up all the viable pairs, then select a random
|
* Strategy: count up all the viable pairs, then select a random
|
||||||
* number in that range and use it to pick a pair.
|
* number in that range and use it to pick a pair.
|
||||||
@ -405,7 +405,7 @@ void invent_firstbits(unsigned *one, unsigned *two, unsigned min_separation)
|
|||||||
* To keep things simple, we'll ensure a < b, and randomly swap
|
* To keep things simple, we'll ensure a < b, and randomly swap
|
||||||
* them at the end.
|
* them at the end.
|
||||||
*/
|
*/
|
||||||
const unsigned lo = 1<<12, hi = 1<<13, minproduct = lo*lo;
|
const unsigned lo = 1<<12, hi = 1<<13, minproduct = 2*lo*lo;
|
||||||
unsigned a, b;
|
unsigned a, b;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
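Review bot: The new `2*lo*lo` in firstbits_b_min duplicates the `minproduct = 2*lo*lo` that invent_firstbits computes a few lines later, and this commit exists precisely because that one value drifted; keeping it in one place would prevent a repeat. The cleanest form is to thread it through: `static inline unsigned firstbits_b_min(unsigned a, unsigned minproduct, unsigned hi, unsigned min_separation)` with `unsigned b_min = (minproduct + a - 1) / a;`, so the helper can never disagree with its caller (both firstbits_b_min and invent_firstbits continue outside these hunks, so the other call sites are not visible here). If the parameter change is unwelcome, at least a comment on the helper's line, `/* must match minproduct in invent_firstbits: 2*lo*lo */`, ties the two together. Note also that `2*lo*lo` is evaluated in `unsigned` and silently wraps if lo is ever raised to 2^16 or beyond on 32-bit targets; for lo = 1<<12 the value 2^25 fits comfortably, so this is a latent rather than a present problem. Since the description says the earlier testing checked the mechanism but not the constant, a test that draws many pairs and asserts `one * two >= (1u << 25)` would have caught the one-bit-short modulus directly.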