# pike.git/lib/modules/Crypto.pmod/RSA.pike

Branch: Tag:

## 2013-10-29

#### 2013-10-29 14:40:50 by Martin Nilsson <nilsson@opera.com>

• acb174f532042f49d9542396fd8d79068d6c76d9 (20 lines) (+13/-7) [ Show | Annotate ]
Branch: 7.9
Added some comments about RSA exponent. Changed so that instead of increasing n until GCD(phi)==1, just recalculate p and q to keep the n constant.

162: Inside #if constant(Crypto.Hash)
Gmp.mpz([object(Gmp.mpz)](q-1)));       array(Gmp.mpz) gs; /* gcd(pub, phi), and pub^-1 mod phi */ -  Gmp.mpz pub = Gmp.mpz( - #ifdef SSL3_32BIT_PUBLIC_EXPONENT -  random(1 << 30) | - #endif /* SSL3_32BIT_PUBLIC_EXPONENT */ -  0x10001); +     -  while ((gs = pub->gcdext2(phi)) != 1) -  pub += 1; +  // For a while it was thought that small exponents were a security +  // problem, but turned out was a padding problem. The exponent +  // 0x10001 has however become common practice, although a smaller +  // value would be more efficient. +  Gmp.mpz pub = Gmp.mpz(0x10001);    -  +  // For security reason we need to ensure no common denominator +  // between n and phi. We could create a different exponent, but +  // some Crypto packages are hard coded for 0x10001, so instead +  // we'll just start over. +  if ((gs = pub->gcdext2(phi)) != 1) +  continue; +     if (gs < 0)    gs += phi;