Re: Performance of RSA key generation



Ertugrul Söylemez <es@xxxxxxxx> writes:

When I wrote an RSA implementation, I picked p and q randomly and chose
the public exponent accordingly. That seems to work very well. I
wonder why other implementations don't do it that way.

I think that SSH at least used to do that. The downside is that the
public exponents can have higher Hamming weight, and there are security
reasons (e.g., Shoup's reduction for RSA-OAEP) for forcing e = 3.

-- [mdw]
.



Relevant Pages

  • Re: Performance of RSA key generation
    ... Mark Wooding wrote: ... chose the public exponent accordingly. ... I wonder why other implementations don't do it that way. ...
    (sci.crypt)
  • Re: Performance of RSA key generation
    ... chose the public exponent accordingly. ... I wonder why other implementations don't do it that way. ... at least for primes with less than ...
    (sci.crypt)