IETF-SSH archive


RE: deaft-gree-sedsh-ecc-08: small correction



Damien Miller <djm%mindrot.org@localhost> writes:
> On Sat, 14 Aug 2010, Peter Gutmann wrote:
>> >     /* Verify that the public key parameter sizes are valid:
>> >
>> >             qx, qy >= MIN_PKCSIZE_ECC, qx, qy <= p - 1 */
>>
>> What do you use as this minimum? AFAIK SEC1 doesn't specify this check, but
>> I guess it should be at least 2 and probabilistically something less than
>> p/4 or so (for p of a hundred bits or more)
>
> oops, I meant "a number about 1/4 the length of p"

I use ( 256 - 192 ) bits, assuming that a value for which the first 64 (or
more) bits are zero is a sign of a problem rather than just a really unlikely
coincidence.  The spec doesn't require this (it could be only two bits long,
with a probability of 2^-254), but it seems like prudent engineering practice
to reject values like this.

Peter.
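
The size check discussed in this message, sketched as an added example (it is not code from the message or from the implementation it describes). It assumes a 256-bit field with the NIST P-256 prime as p, 32-byte big-endian coordinates, and reads "the first 64 (or more) bits are zero" as the rejection threshold; all function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COORD_BYTES   32   /* assumption: 256-bit field, big-endian coordinates */
#define MAX_ZERO_BITS 64   /* assumption: 64 or more leading zero bits => reject */

/* NIST P-256 field prime p, big-endian, used as the sample 256-bit p */
static const uint8_t P256_P[COORD_BYTES] = {
    0xff,0xff,0xff,0xff, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff
};

/* Number of leading zero bits in a big-endian byte string */
static size_t leading_zero_bits(const uint8_t *v, size_t len)
{
    size_t bits = 0;
    for (size_t i = 0; i < len; i++) {
        if (v[i] == 0) { bits += 8; continue; }
        for (uint8_t mask = 0x80; !(v[i] & mask); mask >>= 1)
            bits++;
        break;
    }
    return bits;
}

/* Size check for one coordinate: returns 1 if acceptable, 0 otherwise */
static int coord_size_ok(const uint8_t c[COORD_BYTES])
{
    /* Upper bound c <= p - 1: equal-length big-endian memcmp is numeric order */
    if (memcmp(c, P256_P, COORD_BYTES) >= 0)
        return 0;
    /* Lower bound: a value this short is treated as a sign of a problem */
    return leading_zero_bits(c, COORD_BYTES) < MAX_ZERO_BITS;
}

/* Size sanity check on (qx, qy) only; it does not replace on-curve validation */
int ecc_pubkey_sizes_ok(const uint8_t qx[COORD_BYTES], const uint8_t qy[COORD_BYTES])
{
    return coord_size_ok(qx) && coord_size_ok(qy);
}

int main(void)
{
    uint8_t tiny[COORD_BYTES] = {0};   /* constructed sample: the value 2 */
    tiny[COORD_BYTES - 1] = 2;
    printf("two-bit coordinate accepted: %d\n", ecc_pubkey_sizes_ok(tiny, tiny));
    return 0;
}
```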


