Lower Bound for Primes during GnuPG key generation (was Re: [Enigmail] Popescu and keys)

vedaal at nym.hush.com vedaal at nym.hush.com
Thu May 21 23:14:47 CEST 2015

On 5/21/2015 at 3:45 PM, "Werner Koch" <wk at gnupg.org> wrote:

>Some guy
>downloaded most RSA keys from a keyserver and tried to factor 1.9
>million moduli.  They found 30 keys with a subkey having one of the
>first 1000 primes as a factor.  

> I looked at 8 of those keys and
> found that 2 are likely PGP created and 6 are by GPG.


When GnuPG creates and RSA keypair, is there a minimum *low* for primes it will ignore?
Will GnuPG reject a prime for key generation if it is one of the first 1000 primes, or first million primes, or any fixed lower level?)

And if so,

Is it feasible to mount an attack on a keypair by starting with trying successive primes greater than this lower bound,
and possibly successfully find *some* GnuPG secret keys?



More information about the Gnupg-users mailing list