[45238] in cryptography@c2.net mail archive
RE: Exponent 3 damage spreads...
daemon@ATHENA.MIT.EDU (Whyte, William)
Thu Sep 21 15:59:18 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 21 Sep 2006 07:00:03 -0400
From: "Whyte, William" <WWhyte@ntru.com>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>,
<cryptography@metzdowd.com>, <daw@cs.berkeley.edu>
> Similarly, the thousands of words of nitpicking standards, bashing =
ASN.1, and
> so on ad nauseum, can be eliminated entirely by following one simple =
rule:
>=20
> Don't use e=3D3
I'd extend it to "don't use e <=3D 17". The PKCS#1 attack will work with
e =3D 17, SHA-512 and RSA-15360, and someone's bound to implement =
RSA-15360
somewhere to claim 256-bit security.
William
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com