From: Adam Langley Date: Wed, 26 Oct 2011 14:41:24 +0000 (-0400) Subject: crypto/rsa: change public exponent from 3 to 65537 X-Git-Tag: weekly.2011-11-01~60 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=4403e6b6d871fdae0e0bf108fd659bd6fa4b84e2;p=gostls13.git crypto/rsa: change public exponent from 3 to 65537 Although there's still no concrete security reason not to use 3, I think Bleichenbacher has convinced me that it's a useful defense and it's what everyone else does. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5307060 --- diff --git a/src/pkg/crypto/rsa/rsa.go b/src/pkg/crypto/rsa/rsa.go index 6957659f28..3df88e0691 100644 --- a/src/pkg/crypto/rsa/rsa.go +++ b/src/pkg/crypto/rsa/rsa.go @@ -116,15 +116,7 @@ func GenerateKey(random io.Reader, bits int) (priv *PrivateKey, err os.Error) { // [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err os.Error) { priv = new(PrivateKey) - // Smaller public exponents lead to faster public key - // operations. Since the exponent must be coprime to - // (p-1)(q-1), the smallest possible value is 3. Some have - // suggested that a larger exponent (often 2**16+1) be used - // since previous implementation bugs[1] were avoided when this - // was the case. However, there are no current reasons not to use - // small exponents. - // [1] http://marc.info/?l=cryptography&m=115694833312008&w=2 - priv.E = 3 + priv.E = 65537 if nprimes < 2 { return nil, os.NewError("rsa.GenerateMultiPrimeKey: nprimes must be >= 2")