From 5172adc35ef2eae3d9c7bfd61485794cd6893295 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 31 Jan 2013 21:04:06 +0100
Subject: [PATCH] nettle_mpz_random: Increased number of extra bits to 64, following FIPS 186-3.
---
 ChangeLog | 5 +++++
 bignum-random.c | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 90e25e94..c08d7bcb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-01-31 Niels Möller <nisse@lysator.liu.se>
+
+ * bignum-random.c (nettle_mpz_random): Increased number of extra
+ bits to 64, following FIPS 186-3.
+
 2013-01-12 Niels Möller <nisse@lysator.liu.se>
 * configure.ac: Use AC_LANG_SOURCE.
diff --git a/bignum-random.c b/bignum-random.c
index ab8c4f14..f305f040 100644
--- a/bignum-random.c
+++ b/bignum-random.c
@@ -75,11 +75,12 @@ nettle_mpz_random(mpz_t x,
 */
 /* Add a few bits extra, to decrease the bias from the final modulo
- * operation. */
+ * operation. NIST FIPS 186-3 specifies 64 extra bits, for use with
+ * DSA. */
 nettle_mpz_random_size(x, ctx, random,
- mpz_sizeinbase(n, 2) + 16);
+ mpz_sizeinbase(n, 2) + 64);
 mpz_fdiv_r(x, x, n);
 }
--
GitLab
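Review bot: The comment kept on the new side of the bignum-random.c hunk still opens with "Add a few bits extra", which understates what the new `+ 64` buys: the "extra random bits" method the hunk cites (FIPS 186-3, Appendix B.1.1 / B.2.1) uses 64 surplus bits precisely so that the bias of the final reduction is at most 2^-64, and the comment should state that bound instead of "a few", e.g. `/* Generate 64 bits more than the size of n (FIPS 186-3, Appendix B.1.1), so the bias from the final reduction mod n is at most 2^-64. */`. The retained `mpz_fdiv_r(x, x, n)` leaves x in [0, n), so zero is a possible result, whereas the FIPS procedure reduces modulo (q-1) and adds 1 to land in [1, q-1]; presumably the DSA caller performs that shift itself, and one sentence in the comment saying the result may be zero would make that contract explicit. Since the comment now advertises the function for DSA, it is also worth recording that `mpz_fdiv_r` is not constant-time, so the reduction's running time depends on the freshly generated value when n is a secret-related modulus. nettle_mpz_random begins before this hunk.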