> Choosing your primes uniformly seems the best solution, even if that means sometimes picking ones close to each other
I can't agree with this because it's sounds too much like "choosing four random dictionary words for a password is best, even if it it happens to be be the phrase 'let me in please'".
If there are some known weak points in the space that attackers look for, it's probably good to avoid those.
> If there are some known weak points in the space that attackers look for, it's probably good to avoid those.
Presuming attempts to discriminate don't introduce greater risks, like even larger biases, introduction of side channels, more bug-prone code, etc. Modern crypto seems to try to balance both concerns. For example, by provably reducing the space of problematic values to something so miniscule that it can be ignored in implementations.
I can't agree with this because it's sounds too much like "choosing four random dictionary words for a password is best, even if it it happens to be be the phrase 'let me in please'".
If there are some known weak points in the space that attackers look for, it's probably good to avoid those.