The PohligHellman algorithm for computing discrete logs:
qis = [4, 3, 5] ais = [11, 47, 9] bis = [60, 47, 9] xis = [2, 1, 1] x = 46 True qis = [4, 3, 5] ais = [11, 47, 9] bis = [60, 47, 9] xis = [2, 1, 1] x = 46 True 
The following can be used to generate a very big prime p such that p1 is smooth (i.e. has only small prime factors). The output is a prime of the form N! + 1
10888869450418352160768000000 p = 27 ! + 1 is prime 10888869450418352160768000000 p = 27 ! + 1 is prime 
Sage automatically employs PohligHellman and Babystep Giantstep when asked to compute a discrete log:
Time: CPU 0.00 s, Wall: 0.00 s Time: CPU 0.00 s, Wall: 0.00 s 
5 5 
The next prime number after N! + 1 is not smooth. It has large prime factors
[2, 23, 353, 302928209, 2213658058565713] [2, 23, 353, 302928209, 2213658058565713] 
The capabilities of our sage server are somewhat limited. For example it won't be able to compute Log_5(100) in F_p* with p = 27! + 47. More processing power can easily achieve this though. For cryptosystems based on the hardness of DLP it is recommended to use a prime p such that p1 has a prime factor q that is at least 256 bits (i.e. q ~ 2^256). By way of contast the largest prime factor of p1 = 27! + 47 1 is approximately 50 bits.
True True 
Here is another example verifying the solution to a DLP. It was found using better hardware and a better algorithm based on index calculus. Here the largest prime factor of p1 has 145bits.
p is prime? True a^x =? b: True largest prime factor of p1 has (bit) size 145.415037499 p is prime? True a^x =? b: True largest prime factor of p1 has (bit) size 145.415037499 
