fermat primes and dnssec-keygen bug?
Miek Gieben
miek at miek.nl
Wed Mar 7 07:15:08 UTC 2012
[ Quoting <spainj at countryday.net> at 04:07 on Mar 7 in "RE: fermat primes an..." ]
> > I would recommend that dnssec-keygen starts ignoring the "-e" parameter that everyone has put in their scripts to prevent exponent 3 keys, who are not getting keys with exponent 4294967296 + 1 (F5)
>
> > Alternatively, if this is done on purpose, I guess we should all migrate the 64 bit machines :)
>
> This is interesting, if I correctly understand your point, but it appears that dnssec-keygen computes F5 differently than you do in your example in http://code.google.com/p/go/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Status%20Stars%20Priority%20Owner%20Reporter%20Summary&groupby=&sort=&id=3161.
>
> In your example:
> pubkey := new(rsa.PublicKey)
> pubkey.N = big.NewInt(0)
> pubkey.E = 4294967296 + 1
> which results in 32-bit integer overflow.
>
> In bind-9.9.0/lib/dns/opensslrsa_link.c, starting at line 750:
> if (exp == 0) {
> /* RSA_F4 0x10001 */
> BN_set_bit(e, 0);
> BN_set_bit(e, 16);
> } else {
> /* F5 0x100000001 */
> BN_set_bit(e, 0);
> BN_set_bit(e, 32);
> }
Its not about integer overflow, it's about the fact that F5
does not add to the security, but does use up a lot of CPU cycles.
grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120307/8b56230f/attachment.bin>
More information about the bind-users
mailing list