Commits

Anonymous committed f8ba288

Better phi_n security without bad time penalty

Comments (0)

Files changed (1)

     """Returns a tuple of two different primes of nbits bits"""
     pbits = nbits + (nbits/16)  #Make sure that p and q aren't too close
     qbits = nbits - (nbits/16)  #or the factoring programs can factor n
-    p = getprime(pbits)
     while True:
+        p = getprime(pbits)
         q = getprime(qbits)
-        if not q == p: break
+        phi_n = (p-1)*(q-1)
+        #Make sure p and q are different and phi_n is not divisible by 256
+        if not (q == p or phi_n & 255 == 0): break
     return (p, q)
 
 def extended_gcd(a, b):