Crypt::DH 0.4

Paul Crowley paul at
Mon Jun 6 16:03:34 PDT 2005

Brad Fitzpatrick wrote:
> The docs say Upper is an exclusive bound, while Lower is inclusive.

I know, I checked carefully :-)

> So:
>   makerandom_itv(Strength => 0, Lower => 1, Upper => $dh->{p})

What I had was slightly more correct.  g^(p-1) === 1 (mod p) - so if the 
public key is not to be 1, then the exponent must lie in the range 1 <= 
x < p-1.

However, if subtracting 1 is a problem, don't bother - the probability 
that it'll arise is insanely small.

> The _makerandom fix is easy enough.  Easiest is just making sure the $bits
> substr used matches /1/ first.

No, that's not the same.  For this application, just measure the size of 
  Upper in bits, then produce a number that has this many bits, then 
reject it if it falls outside the specified range and try again.  I 
hadn't noticed that Uniform was thus defined - we don't want to force 
the high bit to be set.  I can't work out whether Crypt::Random's 
"makerandom_itv" does the right thing when Uniform is on or off, since 
that parameter doesn't make sense for that function.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list