-
Adam Langley authored
While half of all numbers don't have their most-significant bit set, this is becoming increasingly impermissible for RSA moduli. In an attempt to exclude weak keys, several bits of software either do, or will, enforce that RSA moduli are >= 1024-bits. However, Go often generates 1023-bit RSA moduli which this software would then reject. This change causes crypto/rsa to regenerate the primes in the event that the result is shorter than requested. It also alters crypto/rand in order to remove the performance impact of this: The most important change to crypto/rand is that it will now set the top two bits in a generated prime (OpenSSL does the same thing). Multiplying two n/2 bit numbers, where each have the top two bits set, will always result in an n-bit product. (The effectively makes the crypto/rsa change moot, but that seems too fragile to depend on.) Also this change adds code to crypto/rand to rapidly eliminate some obviously composite numbers and reduce the number of Miller-Rabin tests needed to generate a prime. R=rsc, minux.ma CC=golang-dev https://golang.org/cl/7002050
975bf6d3
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| example_test.go | ||
| rand.go | ||
| rand_test.go | ||
| rand_unix.go | ||
| rand_windows.go | ||
| util.go |