author Peter Dettman <peter.dettman@bouncycastle.org> 2018-09-18 14:02:55 +0700
committer Peter Dettman <peter.dettman@bouncycastle.org> 2018-09-18 14:02:55 +0700
commit e5ce7d7fa8a16984adfff485196d3a7ce212f6a6 (patch)
tree eade892f5740e4e490f76742e0a7cfc9d471c095 /crypto/Readme.html
parent Blake2b/s: relax length-only constructor constraints (diff)
download BouncyCastle.NET-ed25519-e5ce7d7fa8a16984adfff485196d3a7ce212f6a6.tar.xz
Link to "Prime and Prejudice" paper
Diffstat (limited to 'crypto/Readme.html')
-rw-r--r-- crypto/Readme.html 3
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html
index 59c333290..a89e7e535 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -315,7 +315,8 @@ We state, where EC MQV has not otherwise been disabled or removed:
                 In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented
                 Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the
                 server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919,
-                or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default.
+                or if the DH prime is &lt; 2048 bits. The client therefore no longer offers DH ciphersuites by default. See also the paper
+                <a href="https://eprint.iacr.org/2018/749">"Prime and Prejudice: Primality Testing Under Adversarial Conditions"</a>.
             </li>
         </ul>
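Review bot: The added "See also the paper" sentence at the end of the list item gives the reader no reason to follow the link; the paragraph is about whitelisting server-presented DH groups, while the link title is about primality testing, and nothing in the text connects the two. Suggest a short clause stating why the paper motivates the whitelist (for example, that it concerns validating parameters supplied by an untrusted peer), so the reference still makes sense if the eprint URL moves. Separately, the same line changes "< 2048 bits" to "&lt; 2048 bits", an HTML escaping fix that the commit subject "Link to "Prime and Prejudice" paper" does not mention; either note it in the commit message or split it into its own commit.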