[cryptography] RSA Moduli (NetLock Minositett Kozjegyzoi Certificate)

Steven Bellovin smb at cs.columbia.edu
Sun Mar 25 10:33:32 EDT 2012


On Mar 25, 2012, at 1:16 PM, Florian Weimer wrote:

> * Thierry Moreau:
> 
>> The unusual public RSA exponent may well be an indication that the
>> signature key pair was generated by a software implementation not
>> encompassing the commonly-agreed (among number-theoreticians having
>> surveyed the field) desirable strategies.
> 
> I don't think this conclusion is warranted.  Most textbooks covering
> RSA do not address key generation in much detail.  Even the Menezes et
> al. (1996) is a bit sketchy, but it mentions e=3 and e=2**16+1 as
> "used in practice".  Knuth (1981) fixes e=3.  On the other side, two
> popular cryptography textbooks, Schneier (1996) and Stinson (2002),
> recommend to choose e randomly.  None of these sources gives precise
> guidance on how to generate the key material, although Menezes et al.
> gives several examples of what you should not do.

2^16+1 (or numbers of that pattern) give good performance for encryption
or for signature verification.  NIST's standards require that public
keys be odd, positive [sic] integers between 65537 and 2^256-1
(http://csrc.nist.gov/publications/nistpubs/800-78-3/sp800-78-3.pdf).


		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list