Re: generating self-contained dlls: sf or swiftx?

From: David McClain <dbm_at_refined-audiometrics.com>
Date: Sun, 31 Jan 2010 05:16:11 -0700

In my case, I generate about 40 pairs of primes and long generators and stash them away. You can generate them offline and keep them around. 1024 bits in P is mandatory, at minimum, according to NIST and NSA specs for ephemeral data -- such as an encrypted handshake protocol. They actually recommend that all government users switch to 3072 bits this year, but that really has more to do with archival information that could be attacked offline.

[I do believe that Q will be 1023 bits... not 1022...]

Yes, probabilities in both directions. But it goes as 1/4^N (assuming you have a pure hearted random number generator) for Miller-Rabin, and somewhere around 1/2^N for Lucas going the other way. NIST and NSA recommend something like 4-6 rounds of Miller-Rabin followed by one round of Lucas. You need a good generator for the subgroup too, and that falls out of the Lucas test.

Your PRNG also needs to be able to generate large integer random numbers without bias or skew, and if it can't then they have a procedure where you feed successive words through SHA256 to get chunks that can be stitched together to form a large random number.

Ahh portability... what can I say. I'll say it... why are you using Forth in a domain where that even matters? That seems like a total abuse of Forth, to me, and a horribly masochistic exercise on the programmer's part.

How about becoming multi-lingual?

When I was in physics grad school it began to dawn on me that there were no divisions in physics: thermodynamics, quantum mechanics, electrodynamics, etc. They were all really part of one larger continuum.

The same is true of programming languages. Your DOES> words create single-parameter functional closures -- a higher level concept to be sure, but once you experience programming from higher up, you see things a bit more clearly down below...

- DM

On Jan 31, 2010, at 05:04 AM, Marcel Hendrix wrote:

> David McClain <dbm_at_refined-audiometrics.com> Subject: [sftalk] Re: generating self-contained dlls: sf or swiftx?
>
>> No, it needs to be a 1024-bit prime P = 2*Q+1 with Q also prime. We want a maximal length subgroup of length P-1 so that we don't get trapped in a short-cycle subgroup as you would if Q were composite. P itself must be prime or the SRP-6 (which is using a variant of Diffie-Hellman) won't work properly. So if P is 1024 bits then Q is 1023 bits, right?
>
> Ai, first bug.
>
> The MSB of Q must be 1, or Q may have many fewer bits than the 1023 required. So actually only 1022 bits to process.
>
>> Miller-Rabin is a good start, but it is not definitive. You also need to test with a probabilistic Lucas test, which tests for the probability that a number is composite -- goes the other way from Miller-Rabin, see?
>
> Probabilities both ways -- that's why I asked how sure you want to be and how long it is allowed to take. Absolutely sure can take very long!
>
> [..]
>
>> So that Bignum arithmetic, plus the need for platform independence, plus the need for a "portable dialect" (heh!) of Forth, probably is gonna stop you in your tracks pretty quickly.
>
> Actually I do have all of that already, including Lucas-Lehmer, on Windows, Linux and OSX, for 32/64-bit Forths. But as my bignums use a tiny bit of assembler that part may not be directly portable to other 64-bit Forths.
>
> -marcel

Dr. David McClain
dbm_at_refined-audiometrics.com

----------------------------------------------------------------------
sftalk_at_forth.com The SwiftForth programming discussion email list
To unsubscribe, send subject "unsubscribe" to sftalk-request_at_forth.com
For list command help, send subject "help" to sftalk-request_at_forth.com
Message archives are located at http://www.forth.com/archive/sftalk
----------------------------------------------------------------------
This list is a forum for SwiftForth users. For product support and
bug reports, please send email to support_at_forth.com
----------------------------------------------------------------------
Received on Sun Jan 31 2010 - 04:16:36 PST



This archive was generated 08-Feb-2012. Archive updated nightly.