Some confusion about Small Subgroup Confinement Attack.

[qxzhou1010]

First of all I'm very sorry, this issue is not about this repository, but Crypton. Because I can't find the new issue button in Crypton. I've been troubled by this problem for a long time, please help me.

I have read your article：Small Subgroup Confinement Attack. I have understood most of them, but I don't know how to solve the generator which order is exactly equal to the prime factor. In the 3-th point of Attack in practice , you mentioned
use the generator g of Z_p^* to find g'. So there is a problme that how to find all the generators of Z_p^* when p is a large prime. Maybe this is another difficult question?

In your reference, this article (https://toadstyle.org/cryptopals/57.txt), the same problem to find the generator of subgroup
. This article to find g' (called h) use the following method : h := rand(1, p)^((p-1)/r) mod p.. The base is randomly selected from (1,p) not a generator. So, which is right? I am so confused, please help me, thank you very much!