> Similarly, the thousands of words of nitpicking standards, bashing ASN.1, and > so on ad nauseum, can be eliminated entirely by following one simple rule: > > Don't use e=3
I'd extend it to "don't use e <= 17". The PKCS#1 attack will work with e = 17, SHA-512 and RSA-15360, and someone's bound to implement RSA-15360 somewhere to claim 256-bit security. William --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]