Alan, thanks for the comment. You are right in the general case, but I am discussing a specific case where that does not apply. If the system designer chose *e* randomly, then it would indeed be safe from brute-force guessing. But as you point out, such a system would be quite slow for both encryption and decryption, and a symmetric key would have been more appropriate.

The system I am describing chose *e* to be fast for signature verification (i.e., much smaller than *d*). (I think you get this, based on your last sentence.)This was because RSA was originally only used for signatures. Then the engineers later tried to add encryption by keeping (*e*, *n*) secret. In any case where *e* is not chosen randomly but is much smaller than *d*, it is subject to brute-force guessing and thus you can calculate *n*. The engineers’ mistake was in thinking that *n* can be kept secret in this case.

The first article in this series explained this in more detail.

]]>No, if you are going to try and keep the “public” exponent a secret, you make it the same sort of size as the private exponent and modulus, 2^1024 or larger.

This is unreasonable for normal usage, since it just makes verification pointlessly slow. And if you have to keep both halves secret at both ends of communication, why not just use a symmetric key? (In the example given, because they were trying to reuse an existing key intended only for signature, which is why it almost certainly does have a small public exponent.)

]]>I agree there is no need for n to be secret. In fact, you’re missing the whole point of these articles — when using n with signatures, it NEVER CAN be kept secret, even if you wanted to. Perhaps you missed the previous article where the vendor was expecting to keep n secret and use (e, n) for encryption as well as signature verification. Here’s the link again:

https://rdist.root.org/2007/05/01/rsa-public-keys-are-not-private/

]]>there is not need to use this value u can use other values also.

“only d and n are actually secrets” -> there is not need for N to be secret at all its a public value as long as it big enough there isn’t a single problem.

]]>