<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3354" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face="Courier New" size=2><SPAN class=937070315-12092008>Hi
all,</SPAN></FONT></DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=937070315-12092008></SPAN></FONT> </DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=937070315-12092008> With dropbear 0.48.1 running
on a MIPS Au1550 platform, </SPAN></FONT></DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=937070315-12092008> RSA key generation
occasionally takes a very long time (multiple minutes);</SPAN></FONT></DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=937070315-12092008> the problem was traced to the
loop shown below in gen_rsa_priv_key()</SPAN></FONT></DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=937070315-12092008> which executes many times,
until a value of the modulus, n,</SPAN></FONT></DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=937070315-12092008> is finally computed that is a
multiple-of-8-bits long.</SPAN></FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><BR><FONT face="Courier New" size=2>
65 /* PuTTY doesn't like it if
the modulus isn't a multiple of 8 bits,<BR>
66 * so we just generate
them until we get one which is OK */<BR>
67 getrsaprime(key->p,
&pminus, key->e, size/2);<BR>
68 do
{<BR>
69
getrsaprime(key->q, &qminus, key->e,
size/2);<BR> 70<BR>
71
if (mp_mul(key->p, key->q, key->n) != MP_OKAY)
{<BR>
72
fprintf(stderr, "rsa generation failed\n");<BR>
73
exit(1);<BR>
74
}<BR> 75
} while (mp_count_bits(key->n) % 8 != 0);<BR></FONT></DIV>
<DIV><SPAN class=937070315-12092008><FONT face="Courier New"
size=2> <FONT face=Arial> I've found a post
from Matt Johnston back in 2003 that indicates why this loop was
addded:</FONT></FONT></SPAN></DIV>
<DIV><SPAN class=937070315-12092008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN
class=937070315-12092008> <FONT
face=Arial size=2> <A
href="http://lists.mindrot.org/pipermail/openssh-unix-dev/2003-July/018639.html">http://lists.mindrot.org/pipermail/openssh-unix-dev/2003-July/018639.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=937070315-12092008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN
class=937070315-12092008> <FONT
face=Arial size=2> However, using more recent versions of
PuTTY (0.58 and 0.60), I don't see any problems</FONT></SPAN></DIV>
<DIV><SPAN class=937070315-12092008><FONT face=Arial
size=2> with keys
generated by dropbear </FONT></SPAN><SPAN class=937070315-12092008><FONT
face=Arial size=2>where the modulus is not a multiple-of-8-bits
long.</FONT></SPAN></DIV>
<DIV><SPAN class=937070315-12092008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=937070315-12092008><FONT face=Arial
size=2> So, my question
is: should the loop above be deprecated since it doesn't appear to be necessary
any more?</FONT></SPAN></DIV>
<DIV><SPAN class=937070315-12092008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN
class=937070315-12092008> <FONT
face=Arial size=2> Thanks,</FONT></SPAN></DIV>
<DIV><SPAN
class=937070315-12092008> --
Sajin</SPAN></DIV>
<DIV><SPAN
class=937070315-12092008> </SPAN></DIV></BODY></HTML>