Re: Last ditch proposal for crypto suites

[Bill Sommerfeld <sommerfeld@east.sun.com>]

> Are odd key sizes common?

I keep running into them so they can't be that rare.

A long time ago, i asked pgp for a 1024 bit key and it generated a
1022 bit key instead.

When I was migrating between different ssh implementations I noticed
the newer one whining about 1023-bit keys generated by the older one.

The more recent case (less directly analagous) involved a 1024-bit
modulus which had factors of 513 and 512 bits; when we moved the
private key to an alternate RSA implementation, it bumped into a
misplaced test which assumed the factors of the modulus would be
exactly half the size of the modulus.  (had the test not been there,
the code would have worked; the fix was to weaken the test).

> Again it is an issue of testing. 

agreed.

> I think it is reasonable to test a key pair of every size from 1024
> bits thru 2048 at 32 bit intervals, at 1 bit intervals it would get
> very tedious indeed.

yes, though based on the keys i've seen "in the wild", I'd suggest
that testing 1-bit intervals clustered around "popular" moduli sizes
would have more realistic coverage than every 32-bits.

						- Bill