In the literature pertaining to RSA, it has often been suggested that
in choosing a key pair, one should use ``strong'' primes *p* and *q* to
generate the modulus *n*. Strong primes are those with certain properties
that make the product *n* hard to factor by specific factoring methods;
such properties have included, for example, the existence of a large
prime factor of *p*-1 and a large prime factor of *p*+1. The reason for
these concerns is that some factoring methods are especially suited to
primes *p* such that *p*-1 or *p*+1 has only small factors; strong primes
are resistant to these attacks.

However, recent advances in factoring (see Question 3.4.6) appear to have obviated the advantage of strong primes; the elliptic curve factoring algorithm is one such advance. The new factoring methods have as good a chance of success on strong primes as on ``weak'' primes; therefore, choosing strong primes does not significantly increase resistance to attacks. So for now the answer is negative: strong primes are not necessary when using RSA, although there is no danger in using them, except that it takes longer to generate a key pair. However, new factoring algorithms may be developed in the future which once again target primes with certain properties; if so, choosing strong primes may again help to increase security.