[Cryptography] Standard exponents in RSA
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Oct 30 23:32:16 EDT 2013
David Mercer <radix42 at gmail.com> writes:
>I wonder if any performance obsessed fool has been spotted in the wild using
>an exponent of zero, which would be the RSA version of ROT-13, no?
Until not too long ago, many implementations would accept e=1. Windows
CryptoAPI still does, as a means of allowing plaintext key export while still
being FIPS 140 compliant.
Peter.
More information about the cryptography
mailing list