PuTTY compatibility: Does gen_rsa_priv_key still need to regenerate primes until modulus is a multiple-of-8-bits long ?

Sajin.Valoth at Emerson.com Sajin.Valoth at Emerson.com
Fri Sep 12 23:32:01 WST 2008


Hi all,
 
     With dropbear 0.48.1 running on a MIPS Au1550 platform, 
     RSA key generation occasionally takes a very long time (multiple
minutes);
     the problem was traced to the loop shown below in
gen_rsa_priv_key()
     which executes many times, until a value of the modulus, n,
     is finally computed that is a multiple-of-8-bits long.
 

     65         /* PuTTY doesn't like it if the modulus isn't a multiple
of 8 bits,
     66          * so we just generate them until we get one which is OK
*/
     67         getrsaprime(key->p, &pminus, key->e, size/2);
     68         do {
     69                 getrsaprime(key->q, &qminus, key->e, size/2);
     70
     71                 if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
     72                         fprintf(stderr, "rsa generation
failed\n");
     73                         exit(1);
     74                 }
     75         } while (mp_count_bits(key->n) % 8 != 0);

       I've found a post from Matt Johnston back in 2003 that indicates
why this loop was addded:
 
 
http://lists.mindrot.org/pipermail/openssh-unix-dev/2003-July/018639.htm
l
 
          However, using more recent versions of PuTTY  (0.58 and 0.60),
I don't see any problems
          with keys generated by dropbear where the modulus is not a
multiple-of-8-bits long.
 
          So, my question is: should the loop above be deprecated since
it doesn't appear to be necessary any more?
 
          Thanks,
          -- Sajin
          
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080912/10fead42/attachment.htm 


More information about the Dropbear mailing list