Commit 4403e6b6 authored by Adam Langley's avatar Adam Langley

crypto/rsa: change public exponent from 3 to 65537

Although there's still no concrete security reason not to use 3, I
think Bleichenbacher has convinced me that it's a useful defense and
it's what everyone else does.

R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/5307060
parent c3733b29
...@@ -116,15 +116,7 @@ func GenerateKey(random io.Reader, bits int) (priv *PrivateKey, err os.Error) { ...@@ -116,15 +116,7 @@ func GenerateKey(random io.Reader, bits int) (priv *PrivateKey, err os.Error) {
// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf // [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err os.Error) { func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err os.Error) {
priv = new(PrivateKey) priv = new(PrivateKey)
// Smaller public exponents lead to faster public key priv.E = 65537
// operations. Since the exponent must be coprime to
// (p-1)(q-1), the smallest possible value is 3. Some have
// suggested that a larger exponent (often 2**16+1) be used
// since previous implementation bugs[1] were avoided when this
// was the case. However, there are no current reasons not to use
// small exponents.
// [1] http://marc.info/?l=cryptography&m=115694833312008&w=2
priv.E = 3
if nprimes < 2 { if nprimes < 2 {
return nil, os.NewError("rsa.GenerateMultiPrimeKey: nprimes must be >= 2") return nil, os.NewError("rsa.GenerateMultiPrimeKey: nprimes must be >= 2")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment