What size is this key?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

What size is this key?

Tan Eng Ten
A local certification authority has issued a cert and the public is as
below (parsed with openssl) :

-----
Modulus (1023 bit):
     5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
     6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
     fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
     b6:a0:5e:68:9e:b4:70:c9:bd:28:8a:fb:6d:95:0a:
     38:83:f9:8d:15:b1:3a:33:bf:d7:ab:1c:5e:1b:d3:
     d6:c1:1a:f8:05:7f:ef:22:23:48:ef:48:a2:8d:99:
     90:10:81:8a:54:dd:16:9e:7f:d0:88:a8:b7:34:68:
     be:4d:8f:dc:4b:5d:d9:72:c5:a4:88:a6:40:fa:f2:
     f7:16:79:a8:35:3d:f2:ad
Exponent: 3 (0x3)
-----

The key pair was generated by the CA (smart-card based) and it was
supposed to be a 1024-bit RSA key. I retrieved the certificate from the
smart card and parsed it with openssl.

I am just wondering why did openssl report it as 1023-bit?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: What size is this key?

Steven Reddie
It probably is 1023 bit, but you can think of that as being 1024 bit with
the top bit zero.  Since the modulus is effectively random (the product or
two randomly chosen large primes) then it makes sense that some of the
generated moduli will not completely fill the 1024 bits, just as choosing a
number randomly between 0 and 100 won't always have the top decimal place
filled.  If the top bit was always set it would reduce the search space when
attacking the key, thereby weakening it.

Steven

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Tan Eng Ten
Sent: Wednesday, 17 August 2005 5:17 PM
To: [hidden email]
Subject: What size is this key?

A local certification authority has issued a cert and the public is as below
(parsed with openssl) :

-----
Modulus (1023 bit):
     5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
     6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
     fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
     b6:a0:5e:68:9e:b4:70:c9:bd:28:8a:fb:6d:95:0a:
     38:83:f9:8d:15:b1:3a:33:bf:d7:ab:1c:5e:1b:d3:
     d6:c1:1a:f8:05:7f:ef:22:23:48:ef:48:a2:8d:99:
     90:10:81:8a:54:dd:16:9e:7f:d0:88:a8:b7:34:68:
     be:4d:8f:dc:4b:5d:d9:72:c5:a4:88:a6:40:fa:f2:
     f7:16:79:a8:35:3d:f2:ad
Exponent: 3 (0x3)
-----

The key pair was generated by the CA (smart-card based) and it was supposed
to be a 1024-bit RSA key. I retrieved the certificate from the smart card
and parsed it with openssl.

I am just wondering why did openssl report it as 1023-bit?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: What size is this key?

JoelKatz
In reply to this post by Tan Eng Ten

> A local certification authority has issued a cert and the public is as
> below (parsed with openssl) :
>
> -----
> Modulus (1023 bit):
>      5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
>      6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
>      fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
>      b6:a0:5e:68:9e:b4:70:c9:bd:28:8a:fb:6d:95:0a:
>      38:83:f9:8d:15:b1:3a:33:bf:d7:ab:1c:5e:1b:d3:
>      d6:c1:1a:f8:05:7f:ef:22:23:48:ef:48:a2:8d:99:
>      90:10:81:8a:54:dd:16:9e:7f:d0:88:a8:b7:34:68:
>      be:4d:8f:dc:4b:5d:d9:72:c5:a4:88:a6:40:fa:f2:
>      f7:16:79:a8:35:3d:f2:ad
> Exponent: 3 (0x3)
> -----
>
> The key pair was generated by the CA (smart-card based) and it was
> supposed to be a 1024-bit RSA key. I retrieved the certificate from the
> smart card and parsed it with openssl.
>
> I am just wondering why did openssl report it as 1023-bit?

        Suppose I ask you to pick a random number between 1 and 1000. You tell me.
I think ask someone "do you think he picked a random number between 1 and
1000 or between 1 and 500?". Half the time, the other person will say
"probably between 1 and 500". So half of the 1,024 bit random numbers fit in
1,023 bits.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]