Idle curiosity re RSA key generation

To: ietf-ssh%NetBSD.org@localhost
Subject: Idle curiosity re RSA key generation
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Mon, 26 Sep 2022 12:40:06 -0400 (EDT)

When I'm generating RSA keys, the software I use filters using a
small-primes wheel, then a Little Theorem test with base 2, then 32
iterations of Miller-Rabin.  (I figure that pushes the chance of a
composite number down into the range where it's on the order of the
chance of the processor I'm doing the testing on mis-executing the test
code; I see no point going beyond that.)

I typically see from dozens to hundreds of candidates pass the wheel
but then fail the Little Theorem.  But don't think I have _ever_ seen a
candidate pass the Little Theorem and then fail Miller-Rabin.  This
leads me to wonder why this is.  (It also leads me to be concerned for
my code's correctness when I can't test one of the code paths, not to
mention worries about the correctness of my Miller-Rabin
implementation.  Perhaps I should try diking out the Little Theorem
test.)

Anyone have any thoughts on this?  I have studied number theory, but
that is not only nearly forty years out of date but nearly twenty years
rusty.  (For example, I have a fuzzy memory that Carmichael numbers are
relevant somehow, but I can't recall much more than that.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: Idle curiosity re RSA key generation
  - From: Niels Möller
- Re: Idle curiosity re RSA key generation
  - From: Mouse

Prev by Date: Re: rsa-sha2-256 interop/debugging help, anyone?
Next by Date: Re: Idle curiosity re RSA key generation
Previous by Thread: rsa-sha2-256 interop/debugging help, anyone?
Next by Thread: Re: Idle curiosity re RSA key generation
Indexes:

Home | Main Index | Thread Index | Old Index