The system I am describing chose e to be fast for signature verification (i.e., much smaller than d). (I think you get this, based on your last sentence.)This was because RSA was originally only used for signatures. Then the engineers later tried to add encryption by keeping (e, n) secret. In any case where e is not chosen randomly but is much smaller than d, it is subject to brute-force guessing and thus you can calculate n. The engineers’ mistake was in thinking that n can be kept secret in this case.

The first article in this series explained this in more detail.

No, if you are going to try and keep the “public” exponent a secret, you make it the same sort of size as the private exponent and modulus, 2^1024 or larger.

This is unreasonable for normal usage, since it just makes verification pointlessly slow. And if you have to keep both halves secret at both ends of communication, why not just use a symmetric key? (In the example given, because they were trying to reuse an existing key intended only for signature, which is why it almost certainly does have a small public exponent.)

I agree there is no need for n to be secret. In fact, you’re missing the whole point of these articles — when using n with signatures, it NEVER CAN be kept secret, even if you wanted to. Perhaps you missed the previous article where the vendor was expecting to keep n secret and use (e, n) for encryption as well as signature verification. Here’s the link again:

http://rdist.root.org/2007/05/01/rsa-public-keys-are-not-private/

“only d and n are actually secrets” -> there is not need for N to be secret at all its a public value as long as it big enough there isn’t a single problem.