Annie Yousar via RT wrote: > Dear all, > Bleichenbacher's attack shows that it was possible to forge a PKCS #1 > v1.5 signature signed by a key using exponent 3. > > Unfortunately the implementation of the OpenSSL command > openssl genrsa ... > allows only to create keys with exponent 3 or F4. Nevertheless the new > RSA key generation routine RSA_generate_key_ex available in 0.9.8 works > already with arbitrary exponents. > > The included minor patch of apps/genrsa.c adds a new option for exponent > selection to the genrsa command. > > Because OpenSSL version 0.9.7 doesn't use RSA_generate_key_ex with > exponents BIGNUM but unsigned long, this patch is applicable to version > 0.9.8++ only.
principally I'm not against such a change but I wonder how useful this feature is (or, in other words, how likely is it that a user selects a good exponent if [s]he doesn't want to use f4 and not something like 1) ? Another alternative might be to let the user specify a range from which a randomly generated exponent is used ... Btw: your patch removes the description of the '-3' option. Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
