Reputation: 706
Is using the BigInteger probablePrime function safe for RSA encryption?
I have written a code that is able to generate 2048 bit prime p & q's and use that to encrypt messages in RSA. The way I generate these numbers is by using the java.math.BigInteger package's probablePrime() function. My question is how strong of an encryption these function generated prime numbers are in terms of encryption.
Here is my code for generating these numbers, isPrime is just a boolean function I wrote to check if the number is prime.
BigInteger definitePrime(int bits, Random rnd) {
BigInteger prime = new BigInteger("4");
while (!isPrime (prime)) {
prime = BigInteger.probablePrime(bits, rnd);
}
return prime;
}
Upvotes: 1
Views: 1539
Answers (3)
Reputation: 61892
As Stephen C points out in his answer, the primes are probably ok for RSA encryption.
Cryptographic randomness
I would add, that you shouldn't actually use any Random instance, but only your systems best SecureRandom implementation.
new Random() is not a cryptographic randomness source, whereas new SecureRandom() should be. If the random numbers that are used for prime generation are not cryptographically secure, then an attacker may have a chance to simply recreate those based on other information (such as time or previous outputs of the weak randomness source).
No Textbook RSA
You're doing "everything" yourself and it seems that you actually want to use this for serious encryption. If you are, you're missing something crucial and that is the padding scheme.
It is easy to use the BigInteger methods to implement RSA so that it works, but it's not enough to make it secure. You need to use a padding scheme like PKCS#1 v1.5 (not recommended anymore) or PKCS#1 v2 OAEP (recommended).
Use existing implementations
Instead of implementing those padding schemes for your "handmade" RSA, use Java's Cipher instance which provides RSA with those padding schemes:
RSA/ECB/PKCS1PaddingRSA/ECB/OAEPWithSHA-256AndMGF1Padding
Upvotes: 2
Reputation: 1
The generated primes are not secure if you use something like java.util.Random instead of an instance of SecureRandom. Your code snippet does not tell us what you are using, hence it is not possible to validate your code. Of course, you probably should just use JCE to generate new RSA keys.
Upvotes: -1
Reputation: 718768
The javadoc for BigInteger.probablePrime() says:
Returns a positive BigInteger that is probably prime, with the specified bitLength. The probability that a BigInteger returned by this method is composite does not exceed 2-100.
2-100 means one chance in 1,267,650,600,228,229,401,496,703,205,376; i.e. 1 chance in ~1.267 * 1030
Since you are trying to generating 2 primes, that means that you have 2 chances in roughly 1030 of generating a weak RSA key pair.
I'd have thought that that was good enough, but if you don't think so then you could use BigInteger.isProbablePrime(certainty) to test your prime candidates to an even higher level of certainty.
My question is how strong of an encryption these function generated prime numbers are in terms of encryption.
I don't know if there is a mathematically rigorous way to quantify the strength of an encryption algorithm. But the above analysis tells you the probability that a given generated key-pair will be weak / easy to crack.
Upvotes: 1
Related Questions
- Difference between BigInteger.probablePrime() and other primality algorithms in java
- Working with Java's BigInteger probable primes
- Why does the BigInteger.isProbablePrime() function in Java return true for negative numbers?
- Not getting proper output for RSA algorithm implemented with BigInteger
- BigInteger implementation of RSA's key generation
- Use of BigInteger.isProbablePrime() to generate cryptographically secure primes
- Clarification of the certainty factor in isProbablePrime
- Manually implementing RSA in Java using BigInteger
- RSA encryption algorithm in Java: no BigIntegers
- RSA and BigInteger in Java