On Friday, 14 November 2014, 08:08:00, Daniel Kahn Gillmor wrote:

Hi Daniel,

> On 11/14/2014 07:47 AM, Quentin Gouchet wrote:
> > The user can call RSA key generation and specify the public
> > exponent exp in a hexadecimal format.
> >
> > Example: openssl genrsa -choose 72bdf -out key.pem 4096
> > Signed-off-by: Quentin <[email protected]>
> > <[email protected]>
>
> This is an interesting proposal, but i don't think it's a good idea.

I agree allowing to choose an arbitrary e is not so good. However, what kind of threats do you see when we would:

- use 2**16+1 per default
- allow 17 (-F4) as a legacy
- allow arbitrary e as long as they are odd and larger than 2**16-1
- disallow anything else.

I see that this patch does not enforce such restrictions. I suggest to update the patch to cover the mentioned restrictions. This should be harmless and give a user more flexibility without giving him a gun to shoot himself.

--
Ciao
Stephan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
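
The restrictions listed in the reply above, written as a stand-alone C check on a hexadecimal exponent string. This is an added example, not code from the patch or from OpenSSL; the function and enum names are hypothetical, and 17 is treated as the legacy value because that is the value the reply names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for the policy listed in the reply (names are hypothetical). */
enum exp_verdict { EXP_DEFAULT, EXP_LEGACY, EXP_CUSTOM, EXP_REJECTED };

static int hex_val(char c)
{
    if (isdigit((unsigned char)c))
        return c - '0';
    return tolower((unsigned char)c) - 'a' + 10;
}

/* Classify a hex exponent of any length; only parity and magnitude matter. */
enum exp_verdict classify_exponent_hex(const char *hex)
{
    unsigned long value = 0;
    size_t i, len;
    if (hex == NULL)
        return EXP_REJECTED;
    while (hex[0] == '0' && hex[1] != '\0')
        hex++;                                /* drop leading zeros */
    len = strlen(hex);
    if (len == 0)
        return EXP_REJECTED;
    for (i = 0; i < len; i++)
        if (!isxdigit((unsigned char)hex[i]))
            return EXP_REJECTED;              /* not a hex number */
    if ((hex_val(hex[len - 1]) & 1) == 0)
        return EXP_REJECTED;                  /* even exponents are never valid */
    if (len > 8)
        return EXP_CUSTOM;                    /* odd and far above 2**16-1 */
    for (i = 0; i < len; i++)
        value = (value << 4) | (unsigned long)hex_val(hex[i]);
    if (value == 0x10001UL)
        return EXP_DEFAULT;                   /* 2**16+1 */
    if (value == 17UL)
        return EXP_LEGACY;                    /* legacy value named in the reply */
    return value > 0xFFFFUL ? EXP_CUSTOM : EXP_REJECTED;
}

int main(void)
{
    /* Constructed inputs; 72bdf is the exponent from the quoted example. */
    const char *samples[] = { "10001", "11", "72bdf", "3", "10000", "ffff" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s -> %d\n", samples[i], classify_exponent_hex(samples[i]));
    return 0;
}
```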
