[45238] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

RE: Exponent 3 damage spreads...

daemon@ATHENA.MIT.EDU (Whyte, William)
Thu Sep 21 15:59:18 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 21 Sep 2006 07:00:03 -0400
From: "Whyte, William" <WWhyte@ntru.com>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>,
	<cryptography@metzdowd.com>, <daw@cs.berkeley.edu>

> Similarly, the thousands of words of nitpicking standards, bashing =
ASN.1, and
> so on ad nauseum, can be eliminated entirely by following one simple =
rule:
>=20
>   Don't use e=3D3

I'd extend it to "don't use e <=3D 17". The PKCS#1 attack will work with
e =3D 17, SHA-512 and RSA-15360, and someone's bound to implement =
RSA-15360
somewhere to claim 256-bit security.

William

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post