From bloom-picayune.mit.edu!mintaka.lcs.mit.edu!yale!yale.edu!jvnc.net!darwin.sura.net!europa.asd.contel.com!uunet!mcsun!news.funet.fi!cc.tut.fi!fuug!nntp.hut.fi!kampi.hut.fi!alo Wed Jan 22 19:29:43 EST 1992
Article: 7213 of sci.crypt
Xref: bloom-picayune.mit.edu misc.legal.computing:599 sci.crypt:7213
Path: bloom-picayune.mit.edu!mintaka.lcs.mit.edu!yale!yale.edu!jvnc.net!darwin.sura.net!europa.asd.contel.com!uunet!mcsun!news.funet.fi!cc.tut.fi!fuug!nntp.hut.fi!kampi.hut.fi!alo
From: alo@kampi.hut.fi (Antti Louko)
Newsgroups: misc.legal.computing,sci.crypt
Subject: PKP food generator
Message-ID: <1992Jan22.101543.2656@nntp.hut.fi>
Date: 22 Jan 92 10:15:43 GMT
References: <1992Jan19.180615.18929@decuac.dec.com> <1992Jan20.191011.2368rcain@netcom.COM> <1992Jan21.173134.22471@ccu.umanitoba.ca>
Sender: usenet@nntp.hut.fi (Usenet pseudouser id)
Organization: Helsinki University of Technology
Lines: 38
Nntp-Posting-Host: kampi.hut.fi

!!! I sent this also to sci.crypt because of the question in the end. If
!!! you are commenting any legal issues, PLEASE remove sci.crypt from the
!!! Newsgroups line!

In article <1992Jan21.173134.22471@ccu.umanitoba.ca> umbuhr03@ccu.umanitoba.ca (Kevin Buhr) writes:
>I *highly* doubt that publishing a public key would constitute sufficient
>evidence of violation even *if* it was possible to determine that it was,
>in fact, an RSA public encryption key and not a string of random
>characters.

Especially when you can acquire RSA keys quite easily by fingering
host kampi.hut.fi (130.233.224.2). Eg. giving command

finger 64@rsa-key@kampi.hut.fi

prints out something like:

[kampi.hut.fi]
Hello kampi.hut.fi (130.233.224.2)
P 3aec6257d6c3727f 4245876678108344959
Q 3a54174385df8a7 262688120688736423
E 10001
1115341365248416209370650993511741657 65537
1115341365248416209370650993511741657 94063486407656903682512672211029

Printout should be quite self-explanatory. I want to remind you that
you should not use these keys for anything serious because me or
someone else can probably spy them. But they are great as PKP-food.

To restrict load we allow only one key generation process at a time
and prime length is restricted to 257 bits.

And now the question:

What is current consensus on need to check generated primes for
strenghtness. Is it ok just to generate long primes and use them or
should we check something else? How about primes used with
Diffie-Hellman? Or El Gamal?