Displaying 20 results from an estimated 43 matches for "primality".
2015 May 26
2
Weak DH primes and openssh
...6 12:57:05 -0400, Hubert Kario wrote:
> creating composites that will pass even 100000 rounds of Miller-Rabin is
> relatively simple....
> (assuming the values for M-R tests are picked randomly)
Can you point me to the algorithms for doing that? This would suggest
that we really do want primality proofs (and a good way to verify them).
Do those algorithms hold for creating composites that pass M-R tests for
both p and (p-1)/2 ?
> I'd be against shipping any primes that are not generated from known, expected
> values, like hash of "OpenSSH 1024 bit DH prime, try #1"
T...
2015 May 28
2
Weak DH primes and openssh
...> > knowledge.
>
> that being said, how using NUMS seeds to generate safe prime would
> hurt?
If you're concerned about precomputation, then it effectively gives the
attackers a list of what you're going to use in the future.
> also, doesn't that require us to provide primality certificates for q
> rather than p?
IMO you'd want both to prove a safe prime
-d
2015 May 22
4
Weak DH primes and openssh
...those can be disabled
on Debian with "DebianBanner no" in sshd_config. We'd want to make sure
that distro-specific moduli don't re-introduce fingerprinting for
operators who want to hide their choice of distro.
--dkg
PS Darren, has there been any attempt at generating primality proofs for
the values in ./moduli, as opposed to 100 rounds of Miller-Rabin? It
would be a shame for a pseudoprime to slip in, however unlikely that
would be.
2015 May 26
8
Weak DH primes and openssh
...
>> Can you point me to the algorithms for doing that?
>
> OEIS A014233
Hm, this is a sequence, but not an algorithm. It looks to me like it is
not exhaustive, just a list of those integers which are known to have
the stated property ("Smallest odd number for which Miller-Rabin
primality test on bases <= n-th prime does not reveal compositeness").
Taking the final integer in that sequence (a(11)) fails even the default
25-round M-R test in gmp:
>>> k = gmpy2.mpz(3825123056546413051)
>>> gmpy2.is_prime(k)
False
>>>
Indeed, the arxiv suggests tha...
2015 May 27
3
Weak DH primes and openssh
...Kario wrote:
>> > OEIS A014233
>>
>> Hm, this is a sequence, but not an algorithm. It looks to me like it is
>> not exhaustive, just a list of those integers which are known to have
>> the stated property ("Smallest odd number for which Miller-Rabin
>> primality test on bases <= n-th prime does not reveal compositeness").
>>
>> Taking the final integer in that sequence (a(11)) fails even the default
>>
>> 25-round M-R test in gmp:
>> >>> k = gmpy2.mpz(3825123056546413051)
>> >>> gmpy2.is_prime...
2015 Nov 04
1
ssl-params: slow startup (patch for consideration)
...parameters until regeneration finishes), but for cold
starts, the server can be tied up for a few minutes creating DH parameters
while clients queue up.
I ran "openssl dhparam 2048" and got wildly varying run times of 1m45s,
11m56s, 0.4s, 2m19s, 3h23s. Most of the time was spent testing primality
of candidate p *and* (p-1)/2 -- so called "safe prime". If you're
unlucky, this can take a long time.
However, it appears "safe" primes are not what they're cracked up to be
-- they offer some guarantees, but are not safer than non-safe primes.
Creating DH parameters w...
2011 Dec 18
1
Why do non-lvds monitors default to dithering these days?
In the past we assumed that external displays did their own dithering
if needed. GPU based dithering is only needed for laptop displays if i
had to guess.
I was almost thinking my monitor was malfunctioning because of strange
barely visible flickering. Now it *seems* as if dithering was the
problem, although time will have to tell, because it's subtle to see
these effects.
Of course I can try
2015 May 29
2
Weak DH primes and openssh
...R witnesses, or not. Then we can use SHA-512
> instead of SHA-256, or some SHA-3 variant.
If you're constantly changing the parameters, then this is the opposite of
NUMS. Anyway, I don't think a NUMS-like approach is necessary. It certainly
isn't with users independently generating primality certificates.
-d
2011 Aug 05
1
Typo in a manpage
Hello,
There's a typo in moduli.5 manpage.
I'm not quite sure it needs a patch. Anyway, the fix is:
s/primaility/primality/
Regards
--
^L.
2006 Jan 10
3
Getting a user from a model (sort of a noob) (resend sorry)
Sorry for the resend but I am not sure if the first one ever made the
list.
As mentioned in my previous posts I'm trying to create a dynamic
directory for file_column. After finding out that I didn't have the
most recent version I installed the latest trunk and am able to get
file_column to act as it should. However I have been racking my brain
on how to implement
2017 Sep 25
4
DH Group Exchange Fallback
On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote:
> [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of
> the RFC 4419 refresh draft.
https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ?
Tangent: has any consideration been given to increasing the maximum
allowed beyond 8192 bits (which is below the current NIST
2005 Oct 19
1
ipop (kernlab) gives pars < lower bound ?
hi everyone,
ipop very quickly and accurately identifies the correct parameters in
a toy dataset i built, but when i use ipop on the real dataset i get
values for the parameters " primal(res) " that are less than zero,
even though i specify zero for the lower bound : l = rep(0,
length(c)) , where length(c) is the number of parameters i'm trying to
identify.
the parameters are
2023 Dec 23
1
ssh-keygen generator 3 broken.
...some reason, there only seem to be generators 2 and 5, while that seems to check for generator 0, but if you try to use that in the command, it produces the error:
Generator invalid: 0 (too small)
even though the documentation lists:
By default, each candidate will be subjected to 100 primality tests. This may be overridden using the -O prime-tests option. The DH generator value will be chosen automatically for the prime under consideration. If a specific generator is desired, it may be requested using the -O generator option. Valid generator values are 2, 3, and 5.
2017 Sep 21
5
DH Group Exchange Fallback
Hi,
I'm interested in requiring a minimum of 3072-bit DH moduli when
using the "diffie-hellman-group-exchange-sha256" kex, so I edited my
/etc/ssh/moduli file such that only 3071+ moduli are left. However,
when clients ask for a max of 2048-bit moduli, they actually get one
(!). I poked around and found that a fallback mechanism exists
(dh.c:185), which returns back the
2009 Apr 02
0
[LLVMdev] GSoC Sakharova Anna
...l state University named after Demidov (Mathematics Department, 4 course). I'm interested in mathematics and coding. I would like to write programs associated with my profession. My favorite language is c++ builder.
My experience:
1). Program that provide deterministic polynomial-time algorithm for primality testing. It was developed by Indian mathematics. (with writing a simple GUI, platform x86)
2). Program that is finding all decisions of equation like:
(1 / x1) + (1 / x2) + (1 / x3) + ... + (1/ xn) = a / b (b > a)
3). And now I'm driving away at program that is breaking Vigenère's cipher....
2005 Jun 22
0
The GNU Linear Programming Kit for R
The R interface to the GNU Linear Programming Kit (GLPK) is now available
on CRAN.
The R interface functions are almost identical to the native GLPK C API
making it easy to move code and concepts between R and C.
The GLPK package is intended for solving large-scale linear programming
(LP), mixed integer linear programming (MIP), and other related problems.
The GLPK library includes the
2008 Jun 05
0
smacof package for multidimensional scaling
Dear UserR's,
The smacof package (see also our PsychoR repository on
http://r-forge.r-project.org/projects/psychor/) is uploaded on CRAN.
This package provides the following approaches of multidimensional
scaling (MDS) based on stress minimization by means of majorization
(smacof): - Simple smacof on symmetric dissimilarity matrices
- smacof for rectangular matrices (unfolding models)
-
2006 Jan 06
0
Performance problem w/ Rake on MS SQL 2000 1-GB database
Hello all,
I have a legacy 1Gb MS SQL 2000 database in production. A copy of this is
my dev db.
rake prepare_test_database on this database takes 20+ minutes.
Can someone PLEASE tell me if there is a solution to improving the prepare
time for this DB ?
Thank you thank you thank you in advance!
--
------------------------------
me in you, you in me
- the primal empathic mirror in all of us.
2005 Jun 22
0
The GNU Linear Programming Kit for R
The R interface to the GNU Linear Programming Kit (GLPK) is now available
on CRAN.
The R interface functions are almost identical to the native GLPK C API
making it easy to move code and concepts between R and C.
The GLPK package is intended for solving large-scale linear programming
(LP), mixed integer linear programming (MIP), and other related problems.
The GLPK library includes the
2001 Apr 11
0
2nd BETA release of OpenSSH with SRP
...Other verifier files must be owned by
root and must not be readable by group or other.
* The parameter test code in srp-util.c and tconf2embed.c was missing the
test for g^2 mod p != 1. Thus 6 was accepted as a primitive generator for
7, which it ain't.
* tconf2embed -f means skip the primality check.
* Installation instructions in README.SRP.
Please send all bug reports/patches/complaints to <tomh at po.crl.go.jp>.
Dr. Tom Holroyd
"I am, as I said, inspired by the biological phenomena in which
chemical forces are used in repetitious fashion to produce all
kinds of weird eff...