Re: gnupg rsa question // why use e of 41 ?

daniel bleichenbacher wrote:
Sorry, I do not agree with this opinion. There are many attacks that
work
well with very small exponents such as e=3, but don't work or are much
harder with e=65537 or larger. Of course these attacks can be avoided
if implemented correctly. But implementations do have mistakes. And
from
analysing many cryptographic libraries I know that these libraries have
much
more mistakes that one commonly expects. Thus, to me it seems to be a
good
idea to make RSA implementations more robust by avoiding the smallest
exponents. In fact, I'd even avoid e=41 and just generally use at least
e=65537.

Without padding even e=65537 is not secure.

What's your point?

Tom

.

Relevant Pages

  • Re: gnupg rsa question // why use e of 41 ?
    ... well with very small exponents such as e=3, but don't work or are much ... Of course these attacks can be avoided ... But implementations do have mistakes. ... analysing many cryptographic libraries I know that these libraries have ...
    (sci.crypt)
  • Re: Proof Attempt For Fermats Last Theorem
    ... takes time to learn from your mistakes and finally suceed. ... primefactors and the possible exponents. ... numbers, squarefreeness of Mersenne numbers, Sophie Germain-primes, ... then the problem of the difficult properties of Wieferich primes, ...
    (sci.math)
  • Re: gnupg rsa question // why use e of 41 ?
    ... but not if you use proper padding. ... But implementations do have mistakes. ... source code indicates a developer who didn't understand these issues ... All he needed to know is that smaller exponents might be more risky ...
    (sci.crypt)