1994-07-02 - Re: Un-Documented Feature

Header Data

From: schirado@lab.cc.wmich.edu (No Taxes through No Government)
To: cypherpunks@toad.com
Message Hash: b32552c8f23570e6645fc657421073a5b1fd5398b4208f7c19b17845444e3083
Message ID: <9407020254.AA24485@lab.cc.wmich.edu>
Reply To: N/A
UTC Datetime: 1994-07-02 02:54:16 UTC
Raw Date: Fri, 1 Jul 94 19:54:16 PDT

Raw message

From: schirado@lab.cc.wmich.edu (No Taxes through No Government)
Date: Fri, 1 Jul 94 19:54:16 PDT
To: cypherpunks@toad.com
Subject: Re: Un-Documented Feature
Message-ID: <9407020254.AA24485@lab.cc.wmich.edu>
MIME-Version: 1.0
Content-Type: text/plain



trollins@debbie.telos.com (Tom Rollins) writes:

>PGP 2.6ui has an undocumented feature.
>
>When generating a Public/Secret key pair PGP documentation shows
>the command "pgp -kg" as the way to generate the keys.
>I had posted about how pgp uses a small public key exponent
>of 17 which is 5 bits.
>It turns out that this is only the default setting.
>An Un-Documented feature in PGP 2.6ui (I don't know about other
>versions as I don't have source code for them) lets you specify
>the number of bits in your public key exponent.
>The command "pgp -kg keybits ebits" will let you specify this
>public key exponent size. For example "pgp -kg 1024 256" will
>generate a key with modulus of approx 1024 bits and a public
>key exponent of 256 bits rather than the 5 bit default.
>
>Too Bad pgp doesn't let you look at the public key exponent.
>I had to write some code to see them.

Questions:

1) In non-mathematical terms, if possible, what difference does this
   make in terms of security?

2) Does anyone know why this is undocumented?

3) What changes did you make? Sounds like it would be a well-received
   set of patches to be made public.


(I'm well aware of the current arguments regarding algorithmic strength
being no substitute for secure key management; I'm merely curious.)
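
Added example, not part of the original message and not PGP's or either poster's code: a minimal Python reader for the old-format RSA public key packet layout used by PGP 2.x (later documented in RFC 1991), reporting the public exponent and its bit length, which the quoted post says PGP itself does not display. The helper names and the toy key (n = 3233, e = 17) are constructed for illustration.

```python
import struct

def build_sample_packet(n, e):
    """Constructed sample input: old-format RSA public key packet (toy sizes)."""
    def mpi(x):  # MPI = 2-byte bit count, then big-endian magnitude
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    # version 3, creation time 0, validity 0 days, algorithm 1 (RSA)
    body = struct.pack(">BIHB", 3, 0, 0, 1) + mpi(n) + mpi(e)
    return bytes([0x99]) + struct.pack(">H", len(body)) + body  # 0x99: tag 6, 2-byte length

def read_mpi(buf, off):
    """Return (value, next_offset), rejecting truncated or inconsistent MPIs."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    bits = struct.unpack_from(">H", buf, off)[0]
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    value = int.from_bytes(buf[off + 2:end], "big")
    if value.bit_length() != bits:
        raise ValueError("MPI bit count does not match its value")
    return value, end

def public_exponent_info(packet):
    """Parse one old-format public key packet; report modulus and exponent sizes."""
    if len(packet) < 2 or packet[0] & 0xC0 != 0x80 or (packet[0] >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public key packet")
    len_type = packet[0] & 0x03
    if len_type == 3:
        raise ValueError("indeterminate-length packets are not handled")
    len_size = 1 << len_type
    body_len = int.from_bytes(packet[1:1 + len_size], "big")
    body = packet[1 + len_size:1 + len_size + body_len]
    if len(body) != body_len or body_len < 8:
        raise ValueError("truncated packet")
    version, _created, _valid_days, algo = struct.unpack_from(">BIHB", body, 0)
    if version not in (2, 3) or algo != 1:
        raise ValueError("expected a version 2/3 RSA key")
    n, off = read_mpi(body, 8)
    e, _ = read_mpi(body, off)
    return {"modulus_bits": n.bit_length(), "exponent": e, "exponent_bits": e.bit_length()}

if __name__ == "__main__":
    print(public_exponent_info(build_sample_packet(3233, 17)))
```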





