RSA.generate hangs with some key sizes
Bug #268101 reported by
Darsey Litzenberger
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Python-Crypto |
Fix Released
|
Undecided
|
Darsey Litzenberger |
Bug Description
This is quick:
>>> RSA.generate(368, randfunc)
This hangs forever:
>>> RSA.generate(369, randfunc)
See http://
Changed in pycrypto: | |
milestone: | none → 2.1.0 |
To post a comment you must log in.
Fixed in http:// gitweb. pycrypto. org/?p= crypto/ pycrypto- 2.0.x.git; a=commitdiff; h=23dcc92f8edaf 1e0ec76e1a4c31d 950546c005fa
The problem is that you're trying to generate odd-length RSA keys. The offending code was:
while number.size(p*q) < bits: getPrime( bits/2, randfunc) getPrime( bits/2, randfunc)
p = pubkey.
q = pubkey.
I replaced it with:
while number.size(p*q) < bits: getPrime( bits/2, randfunc) getPrime( bits - (bits/2), randfunc)
p = pubkey.
q = pubkey.
However, notice that factoring n = p*q (and therefore breaking the RSA key) isn't any harder with a 369-bit key as it is with a 368-bit key, because even though q is now 185 bits long, p is still 184 bits.
So although I fixed this bug to prevent the infinite loop, you don't have any reason to use odd-length RSA keys.