From: Hal <hfinney@shell.portal.com>
Date: Sat, 17 Dec 94 12:58:30 PST
To: cypherpunks@toad.com
Subject: Re: Thoughts on 15 day CJ crypto
In-Reply-To: <199412171924.LAA10824@largo.remailer.net>
Message-ID: <199412172058.MAA13081@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

eric@remailer.net (Eric Hughes) writes:

>   From: Hal <hfinney@shell.portal.com>

>   Also, are there restrictions on the encryption exponent?  A 1024 bit RSA
>   with a small encryption exponent would be faster to check than a 512 bit
>   RSA with an arbitrary 512 bit encryption exponent.  

>These are public key operations, remember.  The public exponents are
>usually only a few bits long anyway, no matter what the modulus.  

That's what I mean.  "Usually" they are, but that helps a snooper to
check his guess.  Maybe it would be wise when using limited-length
session keys to use larger encryption exponents just to confound an
exhaustive search of the session key space.  I think it is surprising
if there is no limitation on encryption exponent size for these
exportable key systems, assuming that is the strategy the government is
using.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLvNQxRnMLJtOy9MBAQHXdAIAmvtcjZUXJF97vROjOFQK1DJ2jx44GhZq
CkmETSb8nmkzJhRVDYyQ7aZgWKSOril2MQsTRkJ59DyLKGZY7qQ6oQ==
=e06A
-----END PGP SIGNATURE-----