Exponent 3 damage spreads...
Whyte, William
WWhyte at ntru.com
Thu Sep 21 07:00:03 EDT 2006
> Similarly, the thousands of words of nitpicking standards, bashing ASN.1, and
> so on ad nauseum, can be eliminated entirely by following one simple rule:
>
> Don't use e=3
I'd extend it to "don't use e <= 17". The PKCS#1 attack will work with
e = 17, SHA-512 and RSA-15360, and someone's bound to implement RSA-15360
somewhere to claim 256-bit security.
William
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list