Hi Nettle folks--
I'm wondering if there's an expectation of repeatable RSA key generation across different versions of libnettle.
In particular, assuming a statically-seeded PRNG (e.g. seeding with a fixed number of bytes from /dev/zero), should I be able to call rsa_generate_keypair() and have it return a predictable result, even across versions of libnettle?
Obviously, replicability is *not* what you'd want for production; but for testing, it can be a very handy feature.
Right now, i'm trying with a statically-seeded yarrow256_ctx PRNG against version 2.0 of nettle, and seeing a different key returned from rsa_generate_keypair() than i see with version 2.1 of nettle.
Should this variation be expected? has the use of random numbers (or other parts of the algorithm) changed significantly for rsa_generate_keypair() between releases?
--dkg
Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
> I'm wondering if there's an expectation of repeatable RSA key generation across different versions of libnettle.
I wouldn't expect it. On the other hand, I think most releases don't change this.
> Right now, i'm trying with a statically-seeded yarrow256_ctx
When one really wants repeatability, one can use the (otherwise pretty useless) lfib_knuth generator rather than yarrow256.
> has the use of random numbers (or other parts of the algorithm) changed significantly for rsa_generate_keypair() between releases?
The generation method was replaced in nettle-2.1. From the NEWS file.
* Key generation for RSA and DSA changed to use Maurer's algorithm to generate provably prime numbers (as usual, the mathematical proof does not guarantee that the implementation is bug free).
Regards, /Niels
On 06/13/2011 08:02 AM, Niels Möller wrote:
> When one really wants repeatability, one can use the (otherwise pretty useless) lfib_knuth generator rather than yarrow256.
I've actually found that yarrow256 itself *is* repeatable across nettle versions (well, 2.0 → 2.1 at least); it was just the RSA key generation that was not repeatable.
> The generation method was replaced in nettle-2.1. From the NEWS file.
> - Key generation for RSA and DSA changed to use Maurer's algorithm to generate provably prime numbers (as usual, the mathematical proof does not guarantee that the implementation is bug free).
ah, thanks; this explains why. Thanks for the pointer.
--dkg
Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
> I've actually found that yarrow256 itself *is* repeatable across nettle versions (well, 2.0 → 2.1 at least);
That's intended (but not promised). Makes regression testing easier.
There has been one incompatible change to yarrow in recent years, related to seedfile management. (See ChangeLog for 2008-10-24 -- 2008-10-31).
Regards, /Niels
nettle-bugs@lists.lysator.liu.se
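The effect discussed in this thread, as an added illustration that is not part of the original messages and is not Nettle's code: with the same fixed random stream, each prime-generation method is repeatable, but switching the method changes the result. `FixedStream`, `SEED`, the function names, and the simplified Pocklington-based construction (standing in for Maurer's algorithm) are assumptions made for this sketch.

```python
import hashlib
from math import gcd, isqrt

class FixedStream:
    """Test-only deterministic source (constructed; not Yarrow-256 or knuth_lfib)."""
    def __init__(self, seed):
        self.seed, self.ctr = seed, 0
    def below(self, n):  # integer in [0, n) for n < 2**256; modulo bias ignored
        self.ctr += 1
        block = hashlib.sha512(self.seed + self.ctr.to_bytes(8, "big")).digest()
        return int.from_bytes(block, "big") % n

def candidates(bits, rng):
    """Endless odd integers of exactly `bits` bits, drawn from the stream."""
    while True:
        yield rng.below(1 << bits) | (1 << (bits - 1)) | 1

def miller_rabin(n, rng, rounds=16):
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + rng.below(n - 3), d, n)  # witness also comes from the stream
        if x != 1 and all(pow(x, 1 << i, n) != n - 1 for i in range(s)):
            return False
    return True

def prime_by_search(bits, rng):
    """Method A: random candidates until one passes a probabilistic test."""
    return next(n for n in candidates(bits, rng) if miller_rabin(n, rng))

def prime_by_construction(bits, rng):
    """Method B: n = 2*r*q + 1 from a smaller proven prime q (needs bits >= 2)."""
    if bits <= 32:  # small enough to prove by trial division
        return next(n for n in candidates(bits, rng)
                    if all(n % p for p in range(3, isqrt(n) + 1, 2)))
    q = prime_by_construction(bits // 2 + 2, rng)
    lo, hi = (1 << (bits - 1)) // (2 * q) + 1, ((1 << bits) - 1) // (2 * q)
    while True:  # Pocklington: q > 2r plus the two base-2 checks prove n prime
        r = lo + rng.below(hi - lo + 1)
        n = 2 * r * q + 1
        if 2 * r < q and pow(2, n - 1, n) == 1 and gcd(pow(2, 2 * r, n) - 1, n) == 1:
            return n

SEED = bytes(32)  # fixed all-zero seed, as if read from /dev/zero
if __name__ == "__main__":
    print(hex(prime_by_search(128, FixedStream(SEED))),
          hex(prime_by_construction(128, FixedStream(SEED))))
```

For regression tests this means a pinned key fixture is only valid for the generator and library version it was produced with.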