Re: gnupg rsa question // why use e of 41 ?
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: gnupg rsa question // why use e of 41 ?

From: daniel bleichenbacher <daniel_bleichenbacher@yahoo.com>
Date: Sun Apr 30 2006 - 13:19:14 CEST



Sorry, I do not agree with this opinion. There are many attacks that


work


well with very small exponents such as e=3, but don't work or are much


harder with e=65537 or larger. Of course these attacks can be avoided


if implemented correctly. But implementations do have mistakes. And


from


analysing many cryptographic libraries I know that these libraries have


much


more mistakes that one commonly expects. Thus, to me it seems to be a


good


idea to make RSA implementations more robust by avoiding the smallest


exponents. In fact, I'd even avoid e=41 and just generally use at least


e=65537.



Daniel Bleichenbacher


Received on Mon May  1 02:06:19 2006