nettle_mpz_random: Increased number of extra bits to 64, following FIPS 186-3.

author: Niels Möller <nisse@lysator.liu.se> 2013-01-31 21:04:06 +0100
committer: Niels Möller <nisse@lysator.liu.se> 2013-01-31 21:04:06 +0100
commit: 5172adc35ef2eae3d9c7bfd61485794cd6893295 (patch)
tree: 425709c9459bc9594461af994c2070e5e374de22 /bignum-random.c
parent: a6671dc550514c152da3e77895341623c52a6d31 (diff)
download: nettle-5172adc35ef2eae3d9c7bfd61485794cd6893295.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/bignum-random.c b/bignum-random.c
index ab8c4f14..f305f040 100644
--- a/bignum-random.c
+++ b/bignum-random.c
@@ -75,11 +75,12 @@ nettle_mpz_random(mpz_t x,
    */
 
   /* Add a few bits extra, to decrease the bias from the final modulo
-   * operation. */
+   * operation. NIST FIPS 186-3 specifies 64 extra bits, for use with
+   * DSA. */
 
   nettle_mpz_random_size(x, 
 			 ctx, random,
-			 mpz_sizeinbase(n, 2) + 16);
+			 mpz_sizeinbase(n, 2) + 64);
   
   mpz_fdiv_r(x, x, n);
 }
author	Niels Möller <nisse@lysator.liu.se>	2013-01-31 21:04:06 +0100
committer	Niels Möller <nisse@lysator.liu.se>	2013-01-31 21:04:06 +0100
commit	5172adc35ef2eae3d9c7bfd61485794cd6893295 (patch)
tree	425709c9459bc9594461af994c2070e5e374de22 /bignum-random.c
parent	a6671dc550514c152da3e77895341623c52a6d31 (diff)
download	nettle-5172adc35ef2eae3d9c7bfd61485794cd6893295.tar.gz