> Similarly, the thousands of words of nitpicking standards, bashing ASN.1, and
> so on ad nauseum, can be eliminated entirely by following one simple rule:
>   Don't use e=3

I'd extend it to "don't use e <= 17". The PKCS#1 attack will work with
e = 17, SHA-512 and RSA-15360, and someone's bound to implement RSA-15360
somewhere to claim 256-bit security.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to