Crypt::DH 0.4
Paul Crowley
paul at ciphergoth.org
Mon Jun 6 16:03:34 PDT 2005
Brad Fitzpatrick wrote:
> The docs say Upper is an exclusive bound, while Lower is inclusive.
I know, I checked carefully :-)
> So:
>
> makerandom_itv(Strength => 0, Lower => 1, Upper => $dh->{p})
What I had was slightly more correct. g^(p-1) === 1 (mod p) - so if the
public key is not to be 1, then the exponent must lie in the range 1 <=
x < p-1.
However, if subtracting 1 is a problem, don't bother - the probability
that it'll arise is insanely small.
> The _makerandom fix is easy enough. Easiest is just making sure the $bits
> substr used matches /1/ first.
No, that's not the same. For this application, just measure the size of
Upper in bits, then produce a number that has this many bits, then
reject it if it falls outside the specified range and try again. I
hadn't noticed that Uniform was thus defined - we don't want to force
the high bit to be set. I can't work out whether Crypt::Random's
"makerandom_itv" does the right thing when Uniform is on or off, since
that parameter doesn't make sense for that function.
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
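
The sampling approach described in the message above, as an added sketch in Python (not code from Crypt::DH or Crypt::Random, and not written by either poster). The function names, the injectable `randbits` parameter and the toy prime 23 are assumptions made for illustration.

```python
import secrets

def random_in_range(lower, upper, randbits=secrets.randbits):
    """Uniform integer x with lower <= x < upper (Upper exclusive)."""
    if not 0 <= lower < upper:
        raise ValueError("need 0 <= lower < upper")
    nbits = upper.bit_length()          # size of Upper in bits
    while True:
        x = randbits(nbits)             # any nbits-bit value, top bit NOT forced
        if lower <= x < upper:          # outside the range: throw away, retry
            return x

def dh_private_exponent(p, randbits=secrets.randbits):
    """Exponent x with 1 <= x < p-1, so g^x is never g^(p-1) = 1 (mod p)."""
    return random_in_range(1, p - 1, randbits)

def forced_high_bit(lower, upper, randbits=secrets.randbits):
    """Biased variant for comparison: top bit always set before the range check."""
    nbits = upper.bit_length()
    while True:
        x = randbits(nbits) | (1 << (nbits - 1))
        if lower <= x < upper:
            return x

def observed_values(sampler, trials=2000):
    """Set of distinct outputs seen over `trials` calls."""
    return {sampler() for _ in range(trials)}

if __name__ == "__main__":
    p = 23  # constructed toy prime; real DH moduli are thousands of bits
    print(sorted(observed_values(lambda: dh_private_exponent(p))))
    print(sorted(observed_values(lambda: forced_high_bit(1, p - 1))))
```

With p = 23, rejection sampling covers every exponent from 1 to 21, while the forced-high-bit variant only ever returns 16 to 21.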