authorBarry Mead <barrymead@cox.net>2010-02-16 19:07:07 -0700
committerBarry Mead <barrymead@cox.net>2010-02-16 19:07:07 -0700
commitfb13b1d20fba03aa63787d1858e2fd1c25abf4ab (patch)
treee3b4ea9d7228c4a6bf35cd31561f4d89ffbf9ec4 /rsa/__init__.py
parentedf743f57753a044850e92b7f4e347a4853d7f30 (diff)
downloadrsa-git-fb13b1d20fba03aa63787d1858e2fd1c25abf4ab.tar.gz
Better phi_n security without bad time penalty
Diffstat (limited to 'rsa/__init__.py')
-rw-r--r--rsa/__init__.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/rsa/__init__.py b/rsa/__init__.py
index f6f1e74..ad1e192 100644
--- a/rsa/__init__.py
+++ b/rsa/__init__.py
@@ -314,10 +314,12 @@ def find_p_q(nbits):
"""Returns a tuple of two different primes of nbits bits"""
pbits = nbits + (nbits/16) #Make sure that p and q aren't too close
qbits = nbits - (nbits/16) #or the factoring programs can factor n
- p = getprime(pbits)
while True:
+ p = getprime(pbits)
q = getprime(qbits)
- if not q == p: break
+ phi_n = (p-1)*(q-1)
+ #Make sure p and q are different and phi_n is not divisible by 256
+ if not (q == p or phi_n & 255 == 0): break
return (p, q)
def extended_gcd(a, b):
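Review bot: The new rejection test `phi_n & 255 == 0` in the loop of find_p_q has a comment that says what is checked but not why, and the hunk does not show what weakness the commit title's "better phi_n security" refers to. Excluding phi_n divisible by 256 only limits the power of two in (p-1)(q-1); it does not establish that p-1 and q-1 each keep a large prime factor, so the comment should name the intended property and its source, for example `# Reject phi_n divisible by 2**8 because <reason/reference>`. The expression is correct in Python because `&` binds tighter than `==`, but `(phi_n & 255) == 0` would be harder to misread, particularly for readers used to C precedence. The `def find_p_q` line is above the hunk, so whether callers re-check e against phi_n is not visible from here.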