[Cryptography] Standard exponents in RSA

[Peter Gutmann]

David Mercer <radix42 at gmail.com> writes:

>I wonder if any performance obsessed fool has been spotted in the wild using 
>an exponent of zero, which would be the RSA version of ROT-13, no?

Until not too long ago, many implementations would accept e=1.  Windows 
CryptoAPI still does, as a means of allowing plaintext key export while still 
being FIPS 140 compliant.

Peter.