[147911] in cryptography@c2.net mail archive
Re: [Cryptography] Standard exponents in RSA
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Oct 31 00:15:06 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 31 Oct 2013 16:32:16 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: hanno@hboeck.de, radix42@gmail.com
In-Reply-To: <CADpjbE256cXLz_toJ-9P8Tw5agP-8UUuZFFsJYXVD81VMOOngw@mail.gmail.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
David Mercer <radix42@gmail.com> writes:
>I wonder if any performance obsessed fool has been spotted in the wild using
>an exponent of zero, which would be the RSA version of ROT-13, no?
Until not too long ago, many implementations would accept e=1. Windows
CryptoAPI still does, as a means of allowing plaintext key export while still
being FIPS 140 compliant.
Peter.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography