[cryptography] RSA Moduli (NetLock Minositett Kozjegyzoi Certificate)
thierry.moreau at connotech.com
Mon Mar 26 10:29:13 EDT 2012
Florian Weimer wrote:
> * Thierry Moreau:
>> The unusual public RSA exponent may well be an indication that the
>> signature key pair was generated by a software implementation not
>> encompassing the commonly-agreed (among number-theoreticians having
>> surveyed the field) desirable strategies.
> I don't think this conclusion is warranted. Most textbooks covering
> RSA do not address key generation in much detail. Even the Menezes et
> al. (1996) is a bit sketchy, but it mentions e=3 and e=2**16+1 as
> "used in practice". Knuth (1981) fixes e=3. On the other side, two
> popular cryptography textbooks, Schneier (1996) and Stinson (2002),
> recommend to choose e randomly. None of these sources gives precise
> guidance on how to generate the key material, although Menezes et al.
> gives several examples of what you should not do.
The original RSA publication suggests generating the RSA modulus N, and
then the encryption and decryption exponents, resp. e and d, so that the
first selection of the public exponent e might be rejected.
The current recommendations fixes the decryption exponent, and then
tries random N until e mod phi(N) and d mod phi(N) are both >1. The
current "desirable strategies" encompass more provisions, of course.
What I meant is that the occurrence of an encryption exponent not "used
in practice" may be an indication that the key generation procedure was
more like the one suggested in the original RSA publication.
- Thierry Moreau
More information about the cryptography