On 11/14/2014 07:47 AM, Quentin Gouchet wrote: > The user can call RSA key generation and specify the public > exponent exp in a hexadecimal format. > > Example: openssl genrsa -choose 72bdf -out key.pem 4096 > Signed-off-by: Quentin <quentin.gouc...@gmail.com> <quentin.gouc...@gmail.com>
This is an interesting proposal, but i don't think it's a good idea. > + /* Not checking whether exp >= 2**16+1 since there is > + * no proof that small > + * public exponent is a threat. > + * Choosing e = 1 or e = 3 is thus possible > + */ This strikes me as dangerously misguided. See section 4 of "Twenty years of attacks on the RSA cryptosystem" by Dan Boneh for a description of several attacks on low public exponents: https://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf And afaict, e = 1 is a complete disaster. There are also more mundane problems with this patch (note that resolving these easy problems doesn't fix the serious concerns described above). * if it's going to be done, the argument should be better than -choose -- something like -exponent would be clearer. * there is no patch to the genrsa manpage included * the value is interpreted as hexadecimal, even though other values passed by the user to genrsa (like the number of bits) is interpreted as decimal --dkg
signature.asc
Description: OpenPGP digital signature
