classpath

Re: java.security expert?


From: Casey Marshall
Subject: Re: java.security expert?
Date: Fri, 05 Mar 2004 20:28:34 -0800
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)

>>>>> "Tom" == Tom Tromey <address@hidden> writes:

Tom>     //Step 1 - generate prime
Tom>     BigInteger p = new BigInteger( (pmax + pmin)/2, new Random() );
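
Review bot: Step 1 is commented "generate prime", but the two-argument `new BigInteger(int, Random)` constructor returns a uniformly random integer of up to that many bits, not a prime, and `new Random()` is not a cryptographic generator. Suggest the three-argument form `new BigInteger(bitLength, certainty, rnd)` with a `SecureRandom` instance as `rnd`, or reword the comment if a later step is meant to do the prime search.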

This uses a simple linear congruential PRNG seeded with the current
time to generate the number, which really isn't secure.

Tom> +          //Step 7.1 - test primality
Tom> +          if( p.isProbablePrime( 1 ) == true )
Tom> +            {
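
Review bot: `p.isProbablePrime( 1 )` in Step 7.1 asks for a certainty of 1, which by the method's documented contract only guarantees that a `true` result is right with probability above 1/2; pass a much larger certainty, or let the prime-generating `BigInteger` constructor do the test. The `== true` comparison is redundant, `if( p.isProbablePrime( certainty ) )` is enough.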

This is almost certainly wrong. isProbablePrime(n) will return `true'
correctly (i.e. when the number is actually prime) with a probability
of 1 - 1 / 2^n, meaning that the above lies about a prime 1/2 the
time. This is bad, especially when the security of your system depends
on large primes.

Where is this used? It is probably a better idea to use just the
constructor of BigInteger that generates random primes, and to use a
well-seeded instance of SecureRandom to pass it. The prime test in
BigInteger (probably Miller-Rabin) is good enough.

Also `== true' is just silly. I say we dust off and nuke the site from
orbit. It's the only way to be sure.

- -- 
Casey Marshall || address@hidden

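The two patterns discussed in the message, side by side, as an added example that is not part of the original message or of the Classpath patch. The class name, `BITS`, `CERTAINTY` and the seed value are assumptions made for the demo; the patch takes its size from `(pmax + pmin)/2`.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Random;

public class PrimeGenDemo {
    // Assumed demo size; the patch derives its size from (pmax + pmin)/2.
    static final int BITS = 512;
    // Assumed certainty: a "true" answer is wrong with probability below 2^-100.
    static final int CERTAINTY = 100;

    // Pattern from the quoted patch. java.util.Random is a linear congruential
    // generator with 48 bits of state, and the (int, Random) constructor
    // returns an arbitrary random integer, not a prime.
    static BigInteger weakCandidate(long seed) {
        return new BigInteger(BITS, new Random(seed));
    }

    // Pattern suggested in the reply: the prime-generating constructor,
    // driven by SecureRandom, which seeds itself from the platform's
    // entropy source.
    static BigInteger strongPrime(SecureRandom rng) {
        return new BigInteger(BITS, CERTAINTY, rng);
    }

    public static void main(String[] args) {
        // Constructed sample seed: a millisecond timestamp, standing in for
        // a generator that seeds itself from the clock.
        long seed = 1078547314000L;

        // Anyone who can narrow down the seeding time obtains the same
        // value: the seed is the only secret and it is small.
        BigInteger a = weakCandidate(seed);
        BigInteger b = weakCandidate(seed);
        System.out.println("same seed gives same candidate: " + a.equals(b));
        System.out.println("weak candidate passes strict test: "
                + a.isProbablePrime(CERTAINTY));

        BigInteger p = strongPrime(new SecureRandom());
        System.out.println("strong prime bit length: " + p.bitLength());
        System.out.println("strong prime passes strict test: "
                + p.isProbablePrime(CERTAINTY));
    }
}
```

The first line printed is always `true`, since equal seeds give equal output; the weak candidate is just a random 512-bit integer and will normally fail the strict test.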


