question about rsa encryption
Anton Stiglic
astiglic at okiok.com
Wed Feb 5 10:03:01 EST 2003
> > That brings on another amateur question. In that article it says,
> > "If the public exponent is less than a quarter of the modulus, RSA
> > can be insecure."
> >
> > Well, the public exponents I've seen range from 17 to 65537. What
> > gives? Is this just one of the many weaknesses mitigated by proper
> > padding?
>
> This should probably refer to the private exponent.
No, it also applies to the public exponent if the messages you encrypt are
related in a simple way (something like OAEP will make them *not* related
in that simple way and prevent the attack). Funny thing is that the attack
is
described in the paper by Boneh that *you* cited, which I also mentioned
in my last post...
There are also attacks on low private exponents, but that`s something else
(good randomized padding doesn't prevent that)...
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list