
Re: ssh regenerated moduli file much smaller than the one provided by Debian




On 20.02.2016 20:23, Reco wrote:
> The way I see it, ssh-keygen merely generates *possible* prime numbers,
> as correct checking for primeness (sp?) would require very long and
> very CPU intensive checking - basically you'd have to divide generated
> number by each and any number less than generated candidate prime and
> see if the result is integer (candidate is discarded then) or not.
> 
> ssh-keygen 'cheats' and does some minimal checks to ensure that
> generated primes are 'good enough' aka 'safe primes'.

Safe primes are actually a subset of the primes:
for a safe prime sp, sp = 2*p+1 with p prime;
see Wikipedia [1]. What you actually want for RSA are strong primes, which overlap with the safe primes.

But you are right in that primes are found with fast, probabilistic tests that can decide with an arbitrarily small error rate whether your candidate is a prime [2]. In the real world, this is not worse than proving primality of your candidate - you just set your error boundaries lower than the chances of, e.g., random bit flips in memory.

> Because you can install ssh client without a server, but a
> ssh server without a client on the same host is not of much use to
> anyone.

Is that so? I have a couple of hosts where I cannot remember running ssh myself ever. Actually more than hosts without sshd (only one).

[1] https://en.wikipedia.org/wiki/Safe_prime
[2] https://en.wikipedia.org/wiki/Primality_test#Probabilistic_tests

Attachment: signature.asc
Description: OpenPGP digital signature
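
An added example, not part of the original message and not ssh-keygen's own code: a Miller-Rabin probabilistic primality test with the safe-prime condition sp = 2*p+1 from the message applied on top. The function names and the choice of 40 rounds are assumptions; the 4^-rounds figure is the standard worst-case bound for Miller-Rabin with random bases.

```python
import random

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)

def miller_rabin(n, rounds=40):
    """Return False if n is certainly composite, True if n is probably prime."""
    if n < 2:
        return False
    for q in _SMALL_PRIMES:          # cheap trial division first
        if n % q == 0:
            return n == q
    d, s = n - 1, 0                  # write n - 1 = 2^s * d with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)  # random base
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False             # a is a witness: n is composite
    return True

def is_safe_prime(sp, rounds=40):
    """sp is a safe prime when sp = 2*p + 1 and both p and sp are prime."""
    if sp < 5 or sp % 2 == 0:
        return False
    p = (sp - 1) // 2
    return miller_rabin(p, rounds) and miller_rabin(sp, rounds)

def error_bound(rounds):
    """Worst-case chance that a composite passes `rounds` random bases."""
    return 4.0 ** -rounds

if __name__ == "__main__":
    print([n for n in range(2, 120) if is_safe_prime(n)])
    print("error bound for 40 rounds:", error_bound(40))
```

The Mersenne prime 2**127 - 1 passes `miller_rabin` but fails `is_safe_prime`, since (2**127 - 2) / 2 = 2**126 - 1 is divisible by 3.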

