question about rsa encryption

Anton Stiglic astiglic at
Wed Feb 5 10:03:01 EST 2003

> > That brings on another amateur question. In that article it says,
> > "If the public exponent is less than a quarter of the modulus, RSA
> > can be insecure."
> >
> > Well, the public exponents I've seen range from 17 to 65537. What
> > gives? Is this just one of the many weaknesses mitigated by proper
> > padding?
> This should probably refer to the private exponent.

No, it also applies to the public exponent if the messages you encrypt are
related in a simple way (something like OAEP will make them *not* related
in that simple way and prevent the attack).  Funny thing is that the attack
described in the paper by Boneh that *you* cited, which I also mentioned
in my last post...

There are also attacks on low private exponents, but that`s something else
(good randomized padding doesn't prevent that)...


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list