[cryptography] Why using asymmetric crypto like symmetric crypto isn't secure

Sandy Harris sandyinchina at gmail.com
Fri Nov 9 21:52:29 EST 2012

On Sat, Nov 3, 2012 at 5:29 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

>   [...] We show that if the RSA cryptosystem is used in such a symmetric
>   application, it is possible to determine the public RSA modulus if the
>   public exponent is known and short, such as 3 or F4=65537, and two or more
>   plaintext/ciphertext (or, if RSA is used for signing, signed
>   value/signature) pairs are known.

Is this a different attack from Weiner's "Cryptanalysis of Short RSA
Secret Exponents"?

I thought it had been known for at least a decade that small exponents were
a bad idea, because of the Weiner paper.

More information about the cryptography mailing list