Tim Hudson <t...@cryptsoft.com> writes:

>Does anyone recollect the history behind and the implications of the (open)
>SSH choice of 35 as a hard-wired public exponent?

/* OpenSSH versions up to 5.4 (released in 2010) hardcoded e = 35, which is
   both a suboptimal exponent (it's less efficient that a safer value like 257
   or F4) and non-prime.  The reason for this was that the original SSH used
   an e relatively prime to (p-1)(q-1), choosing odd (in both senses of the
   word) numbers > 31.  33 or 35 probably ended up being chosen frequently so
   it was hardcoded into OpenSSH for cargo-cult reasons, finally being fixed
   after more than a decade to use F4.  In order to use pre-5.4 OpenSSH keys
   that use this odd value we make a special-case exception for SSH use */

The cryptography mailing list

Reply via email to