From: Hal <hfinney@shell.portal.com> Maybe it would be wise when using limited-length session keys to use larger encryption exponents just to confound an exhaustive search of the session key space. It would, but remember that you're generally going to be generating those keys with the application that will be using them eventually. One could write a spoofer, perhaps, to generate you're own keys, but most people won't be using it. I think it is surprising if there is no limitation on encryption exponent size for these exportable key systems, assuming that is the strategy the government is using. Consider the position from the viewpoint of the NSA. Suppose that the hypothesis is correct, and session keys encrypted with short exponents are used to verify candidates. You haven't told anybody this is the reason for the particulars of the restrictions. So, do you, the NSA, write the restriction into the regulation? Or do you rely on the fact that the developer will optimize public keys for speed? The first strategy reveals tactics. The second carries some risk. Eric