xxx-draft-spec-for-TLS-normalization.txt

Mansour Moufid mansourmoufid at gmail.com
Wed Jan 26 22:10:10 UTC 2011


> As a security precaution, care must be taken to ensure that we do not generate
> weak primes or known filtered primes. Both weak and filtered primes will
> undermine the TLS connection security properties. OpenSSH solves this issue
> dynamically in RFC 4419 [2] and may provide a solution that works reasonably
> well for Tor. More research in this area including Miller-Rabin primality tests
> will need to be analyzed and probably added to Tor.

RFC 4419 suggests the Miller-Rabin test because it is efficient and
well-known. Perhaps Tor could use the AKS primality test, which is
also efficient, and deterministic.



More information about the tor-dev mailing list