[Cryptography] Generating random values in a particular range

[Sidney Markowitz]

John Levine wrote on 7/08/16 3:08 AM:
> It's not quite that simple -- there's a hash step before deciding
> whether to throw the value away.  But I agree that's stupendously
> obvious for 2000.  

Oh, right, the patent is actually about taking the output of the RNG which
might be fewer bits than the length of the number you want when generating a
key and hashing it to get the right bit length. Like for example when
generating a RSA key you can take so many random bits and hash them to a
longer bit string of fixed length L that you then test for primality. If
before you do the primality test you first reject the hash result if as an
integer it is greater than some particular L-bit length prime, then you have
done what the claims of the patent say.

The patent is not about generating a uniform random variable in a range.

What that means is that if you do what we are talking about here, generate a
uniform random integer between 0 and N by rejecting any output of the
underlying PRNG that is larger than N, then it has nothing to do with this patent.

> 
> The hard part with these really obvious patents is finding someone who
> documented the technique before the priority date.  Since it's
> obvious, why bother to write it up?
> 

Now I'm curious. Do the primality tests that are usually used for generating a
prime of some fixed length L for a key that needs a large prime such as RSA
make use of some specific L-bit prime that the result must be less than? Or
will any L bit random number be run through the same primality test? Because
if all you do is hash some 256 bit random number to get 2048 bits that contain
256 bits of entropy and then test it for primality without as a first step
checking if the 2048 bit number is too large, you have not practiced the
claims of this patent. So is this patent obvious or is it useless?

 Sidney