Random number generation isn't to RFC 5054
The RFC says that the b should be at least 256 bits and in the range [1,N) inclusive. The logic SRP6Routines::generatePrivateValue for N>512 bits generates a value in the range [1<<256,N) which is narrower than the range allowable by the RFC. To do this it has quite a sophisticated looping logic which samples random BigIntegers to find one in that range with some logic to handle corner cases.

A better way to calculate this would be to generate a random BigInteger using its constructor R = new BigInteger(N.bitLength(), secureRandom) then take R.mod(N) to get the random number and only loop if it is zero. There is then only an extremely low probability of looping if the randomly generated R is exactly N. It will also use the full range [1,N).
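An added Java example, not code from Nimbus SRP or from the reporter: it implements the sampling proposed in the description next to a rejection-sampling variant, and goes one step beyond the description by counting how often each value is drawn on a toy modulus. The class name, method names and N = 11 are assumptions chosen for illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

// Hypothetical class name; not part of the library discussed in this issue.
public class PrivateValueSketch {

    // Proposal from the description: draw N.bitLength() random bits,
    // reduce mod N, and retry only when the result is zero. Range: [1, N-1].
    static BigInteger byModReduction(BigInteger N, SecureRandom rng) {
        BigInteger r;
        do {
            r = new BigInteger(N.bitLength(), rng).mod(N);
        } while (r.signum() == 0);
        return r;
    }

    // Variant (assumption, not from the page): rejection sampling. Draws
    // outside [1, N-1] are discarded instead of being folded back with mod,
    // so every value in the range is equally likely.
    static BigInteger byRejection(BigInteger N, SecureRandom rng) {
        BigInteger r;
        do {
            r = new BigInteger(N.bitLength(), rng);
        } while (r.signum() == 0 || r.compareTo(N) >= 0);
        return r;
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        // Constructed toy modulus so the distribution is visible in a short run;
        // real SRP-6a uses the RFC 5054 groups (1024 bits and up).
        BigInteger N = BigInteger.valueOf(11); // 4 bits, so raw draws are 0..15
        int[] modHits = new int[11];
        int[] rejHits = new int[11];
        for (int i = 0; i < 160_000; i++) {
            modHits[byModReduction(N, rng).intValue()]++;
            rejHits[byRejection(N, rng).intValue()]++;
        }
        for (int v = 1; v < 11; v++) {
            System.out.printf("%2d  mod=%6d  reject=%6d%n", v, modHits[v], rejHits[v]);
        }
    }
}
```

With N = 11 the 4-bit draws cover 0..15, so after mod reduction the values 1..4 each have two preimages and appear about twice as often as 5..10, while the rejection variant stays flat over [1, N-1]. In general, for a k-bit N the values below 2^k - N are the ones drawn twice as often by mod reduction.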
Comments (4)
- changed status to resolved
Closing the ticket, fix released as v2.0.2.
Thanks, Simon!