From b2f4de02b994b65757d066c448af31d5da7cfde3 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Fri, 27 Dec 2002 16:54:14 +0000 Subject: [PATCH] Mention in the documentation that the method of generating RSA keys might give a bit count one less than the one the user asked for. Two people have been worried by this now, and it's probably worth documenting that it's perfectly normal. [originally from svn r2369] --- doc/pubkey.but | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/pubkey.but b/doc/pubkey.but index 1a55ccb7..8a5ed1f0 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -1,4 +1,4 @@ -\versionid $Id: pubkey.but,v 1.19 2002/11/01 21:50:35 jacob Exp $ +\versionid $Id: pubkey.but,v 1.20 2002/12/27 16:54:14 simon Exp $ \C{pubkey} Using public keys for SSH authentication @@ -150,6 +150,18 @@ of the key PuTTYgen will generate. Currently 1024 bits should be sufficient for most purposes. +Note that an RSA key is generated by finding two primes of half the +length requested, and then multiplying them together. For example, +if you ask PuTTYgen for a 1024-bit RSA key, it will create two +512-bit primes and multiply them. The result of this multiplication +might be 1024 bits long, or it might be only 1023; so you may not +get the exact length of key you asked for. This is perfectly normal, +and you do not need to worry. The lengths should only ever differ by +one, and there is no perceptible drop in security as a result. + +DSA keys are not created by multiplying primes together, so they +should always be exactly the length you asked for. + \S{puttygen-generate} The \q{Generate} button \cfg{winhelp-topic}{puttygen.generate}