PuTTY compatibility: Does gen_rsa_priv_key still need to regenerate primes until modulus is a multiple-of-8-bits long ?
Sajin.Valoth at Emerson.com
Sajin.Valoth at Emerson.com
Fri Sep 12 23:32:01 WST 2008
Hi all,
With dropbear 0.48.1 running on a MIPS Au1550 platform,
RSA key generation occasionally takes a very long time (multiple
minutes);
the problem was traced to the loop shown below in
gen_rsa_priv_key()
which executes many times, until a value of the modulus, n,
is finally computed that is a multiple-of-8-bits long.
65 /* PuTTY doesn't like it if the modulus isn't a multiple
of 8 bits,
66 * so we just generate them until we get one which is OK
*/
67 getrsaprime(key->p, &pminus, key->e, size/2);
68 do {
69 getrsaprime(key->q, &qminus, key->e, size/2);
70
71 if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
72 fprintf(stderr, "rsa generation
failed\n");
73 exit(1);
74 }
75 } while (mp_count_bits(key->n) % 8 != 0);
I've found a post from Matt Johnston back in 2003 that indicates
why this loop was addded:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2003-July/018639.htm
l
However, using more recent versions of PuTTY (0.58 and 0.60),
I don't see any problems
with keys generated by dropbear where the modulus is not a
multiple-of-8-bits long.
So, my question is: should the loop above be deprecated since
it doesn't appear to be necessary any more?
Thanks,
-- Sajin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080912/10fead42/attachment.htm
More information about the Dropbear
mailing list