
Re: Un-Documented Feature




[email protected] (Tom Rollins) writes:

>PGP 2.6ui has an undocumented feature.
>
>When generating a Public/Secret key pair PGP documentation shows
>the command "pgp -kg" as the way to generate the keys.
>I had posted about how pgp uses a small public key exponent
>of 17 which is 5 bits.
>It turns out that this is only the default setting.
>An Un-Documented feature in PGP 2.6ui (I don't know about other
>versions as I don't have source code for them) lets you specify
>the number of bits in your public key exponent.
>The command "pgp -kg keybits ebits" will let you specify this
>public key exponent size. For example "pgp -kg 1024 256" will
>generate a key with modulus of approx 1024 bits and a public
>key exponent of 256 bits rather than the 5 bit default.
>
>Too Bad pgp doesn't let you look at the public key exponent.
>I had to write some code to see them.

Questions:

1) In non-mathematical terms, if possible, what difference does this
   make in terms of security?

2) Does anyone know why this is undocumented?

3) What changes did you make? Sounds like it would be a well-received
   set of patches to be made public.


(I'm well aware of the current arguments regarding algorithmic strength
being no substitute for secure key management; I'm merely curious.)
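
The quoted post notes that PGP will not display the public key exponent. As an added example (not part of the original thread and not Tom Rollins' code), the sketch below reads the modulus and exponent from a single old-format RSA public key packet, assuming the version 2/3 layout documented in RFC 1991 and RFC 4880; the function names and the tiny sample key are constructed for illustration.

```python
import struct

def read_mpi(buf, off):
    """Read one PGP multiprecision integer: 2-byte bit count, then the bytes."""
    (bits,) = struct.unpack_from(">H", buf, off)
    nbytes = (bits + 7) // 8
    start = off + 2
    if start + nbytes > len(buf):
        raise ValueError("truncated MPI")
    value = int.from_bytes(buf[start:start + nbytes], "big")
    if value.bit_length() != bits:
        raise ValueError("MPI bit count does not match value")
    return value, start + nbytes

def parse_rsa_public_key(packet):
    """Return (n, e) from an old-format (PGP 2.x) RSA public key packet."""
    ctb = packet[0]
    # Old-format CTB: bit 7 set, bit 6 clear, tag in bits 5-2 (6 = public key).
    if ctb & 0xC0 != 0x80 or (ctb >> 2) & 0x0F != 6:
        raise ValueError("not an old-format public key packet")
    len_type = ctb & 0x03
    if len_type == 3:
        raise ValueError("indeterminate length not supported")
    len_size = 1 << len_type  # 1, 2 or 4 length bytes
    body_len = int.from_bytes(packet[1:1 + len_size], "big")
    body = packet[1 + len_size:1 + len_size + body_len]
    if len(body) != body_len:
        raise ValueError("truncated packet")
    # version, creation time, validity in days, algorithm (1 = RSA)
    version, _created, _validity, algo = struct.unpack_from(">BIHB", body, 0)
    if version not in (2, 3) or algo != 1:
        raise ValueError("not a version 2/3 RSA key")
    n, off = read_mpi(body, 8)
    e, _ = read_mpi(body, off)
    return n, e

def mpi(x):
    """Encode an integer as a PGP MPI."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def build_sample_packet(n, e):
    """Constructed test input (toy modulus), not a real key."""
    body = struct.pack(">BIHB", 3, 0, 0, 1) + mpi(n) + mpi(e)
    return bytes([0x98, len(body)]) + body  # 0x98: tag 6, one-byte length

if __name__ == "__main__":
    n, e = parse_rsa_public_key(build_sample_packet(3233, 17))
    print(f"modulus bits: {n.bit_length()}, exponent: {e} ({e.bit_length()} bits)")
```

A real keyring holds several packets (key, user ID, signatures); this reads only the first packet handed to it.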