> > That brings on another amateur question. In that article it says, > > "If the public exponent is less than a quarter of the modulus, RSA > > can be insecure." > > > > Well, the public exponents I've seen range from 17 to 65537. What > > gives? Is this just one of the many weaknesses mitigated by proper > > padding? > > This should probably refer to the private exponent.
No, it also applies to the public exponent if the messages you encrypt are related in a simple way (something like OAEP will make them *not* related in that simple way and prevent the attack). Funny thing is that the attack is described in the paper by Boneh that *you* cited, which I also mentioned in my last post... There are also attacks on low private exponents, but that`s something else (good randomized padding doesn't prevent that)... --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
