PGP's e exponent too small?

Mike Ingle MIKEINGLE at delphi.com
Sat Jan 15 21:38:10 PST 1994


Is the e exponent in PGP too small? It's usually 17 decimal.

Applied Cryptography pp. 287-288 says:

"Low Exponent Attack Against RSA

Another suggestion to 'improve' RSA is to use low values for e, the public
key. This makes encryption fast and easy to perform. Unfortunately, it is
also insecure. Hastad demonstrated a successful attack against RSA with a
low encryption key [417]. Another attack by Michael Wiener will recover e,
when e is up to one quarter the size of n [878]. A low decryption key, d,
is just as serious a problem. Moral: Choose large values for e and d."

--- Mike

P.S. Anyone know where to get a Capstone chip?






More information about the cypherpunks-legacy mailing list