Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Breaking RSA: Totient indirect factorization

From: Alexander Klimov <alserkli () inbox ru>
Date: Thu, 15 Nov 2007 10:29:19 +0200 (IST)
On Wed, 14 Nov 2007, gandlf wrote:

1) m = p*q            -> RSA modulus

[...]

Algorithm
---------

- Repeat "a = a^n mod m" with n from 2 to m, saving all the results
  in a table until a == 1 (Statement 4).


:-)

So what is the expected running time of your algorithm? For example,
how long it will take on average to factor a 1024-bit modulus?


Impact
------

PKI vendors must change modulus generator algorithms to discard
totients with lower factors.


You may be interested in ``Are 'Strong' Primes Needed for RSA?'' by
Ron Rivest and Robert Silverman.

-- 
Regards,
ASK
Previous By Date Next
Previous By Thread Next

Current thread: