On Fri, 22 May 2015, Daniel Kahn Gillmor wrote: > PS Darren, has there been any attempt at generating primality proofs for > the values in ./moduli, as opposed to 100 rounds of Miller-Rabin? It > would be a shame for a pseudoprime to slip in, however unlikely that > would be. I looked at it a few years ago, but couldn't figure out a way to generate provable safe primes. I'd love someone to get this working. AFAIK the number of Miller-Rabin tests we do is many times more than OpenSSL's baseline BN_is_prime() false positive rate of 2^-80. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev