Key Pair Agreement?
Matt Crawford
crawdad at fnal.gov
Tue Jan 21 11:41:32 EST 2003
> I can see how Alice can easily generate two primes whose product
> will have that *high* order part, but it seems hard to generate an
> RSA modulus with a specific *low* order 64 bits.
Is it? As long as the lowest bit is a 1, Alice just has to search
for one prime that ends with 63 0's and a 1 (she may keep one up her
sleeve) and the other prime ending with the specified bits. As long
as the length of each prime is much greater than 64 bits, I don't see
that this slows her down too badly.
Isn't this the reason why using the bottom 32 bits of a PGP RSA key
for a key id is subject to a user-confusion attack?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list