[147906] in cryptography@c2.net mail archive
Re: [Cryptography] Standard exponents in RSA
daemon@ATHENA.MIT.EDU (Ralph Holz)
Wed Oct 30 20:29:54 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 30 Oct 2013 23:47:12 +0100
From: Ralph Holz <ralph-cryptometzger@ralphholz.de>
To: cryptography@metzdowd.com
In-Reply-To: <20131030190242.7a9e11a7@hboeck.de>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Hi,
>> the two most common exponents that one finds in X.509 RSA certs are
>> 65537 and 17 -- in my data, they account for near 100%. Have these
>> been chosen as the result of some standardisation and was there some
>> cryptographic reasoning behind it, or is it simply that any exponent
>> will do? Any performance issues?
>
> NIST SP 800-56B says so:
> http://csrc.nist.gov/publications/nistpubs/800-56B/sp800-56B.pdf
>
> (or to be precise, it says minimum size 65537 - so most people seem to
> choose the minimum, which is also fast in computation)
Excellent, thanks!
Ralph
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
