Your Online Security Is Critically Dependent on the Generation of Random Prime Numbers
It was Google who fundamentally changed cybersecurity. If not for them, we would probably still be connecting to insecure http sites. With Chrome, they pushed the industry to move towards https, and where any site that did not support it, would be marked as insecure. And so, nearly all of the sites we now connect to are secured with https. This creates a secure tunnel for the Web pages and also proves the identity of the remote Web site.
For identity, we use a digital signature, such as using RSA and ECDSA. This allows a Web site to sign a hash of data with its private key, and then verified with the associated public key. In most cases, these days, we use RSA signatures for this, and where an RSA key pair is created.
So, if these keys are not created in a secure way, it leaves us open to the private key of a Web site being cracked, and for an adversary to set up a fake site. With RSA, we generate two prime numbers (p and q), and then create a public modulus (N=p.q). If we can factorize N, we will easily discover the private key. If any of the values of p and q could be discovered — even for a single bit — it can considerably weaken the key pair created. These prime numbers must thus be as random as possible. So, let’s see if we can generate random prime numbers for a given…
