[cryptography] Why using asymmetric crypto like symmetric crypto isn't secure
sandyinchina at gmail.com
Fri Nov 9 21:52:29 EST 2012
On Sat, Nov 3, 2012 at 5:29 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> [...] We show that if the RSA cryptosystem is used in such a symmetric
> application, it is possible to determine the public RSA modulus if the
> public exponent is known and short, such as 3 or F4=65537, and two or more
> plaintext/ciphertext (or, if RSA is used for signing, signed
> value/signature) pairs are known.
Is this a different attack from Weiner's "Cryptanalysis of Short RSA
I thought it had been known for at least a decade that small exponents were
a bad idea, because of the Weiner paper.
More information about the cryptography