

[Crypto] Is the limited set of exponents (e) in RSA a backdoor? - zyad

Why only {3, 5, 17, 257, 65537}?
Some says it&#x27;s for performance reasons(Fermat primes).
Is it a possibility that some sort of &quot;rainbow tables&quot; have been computed for these values ?
======
saurik
They are primes of low hamming weight, so the exponentiationd you have to do
are cheaper (imagine a multiplication, long hand, where almost all of the
digits are 0: that really helps). You actually don't want a small exponent, as
it will fail to saturate the modulus (so please, don't use 3, that is a well-
known bad thing to do with RSA). As for a "rainbow table", that is a concept
that only applies to hashes; if you just mean a full lookup table, the time
complexity of attacking RSA directly comes from the modulus, not the exponent.

~~~
zyad
Thank you for your explanation.

