diff --git a/contracts/utils/cryptography/RSA.sol b/contracts/utils/cryptography/RSA.sol
index c8da4f96206..70c38fd15bb 100644
--- a/contracts/utils/cryptography/RSA.sol
+++ b/contracts/utils/cryptography/RSA.sol
@@ -36,8 +36,12 @@ library RSA {
  * 2048 bits. If you use a smaller key, consider replacing it with a larger, more secure, one.
  *
  * WARNING: This verification algorithm doesn't prevent replayability. If called multiple times with the same
- * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce or
- * unique identifier in the message to prevent replay attacks.
+ * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce
+ * or unique identifier in the message to prevent replay attacks.
+ *
+ * WARNING: This verification algorithm supports any exponent. NIST recommends using `65537` (or higher).
+ * That is the default value many libraries use, such as OpenSSL. Developers may choose to reject public keys
+ * using a low exponent out of security concerns.
  *
  * @param digest the digest to verify
  * @param s is a buffer containing the signature
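Review bot: The new exponent WARNING misstates the NIST guidance: FIPS 186-4/186-5 (B.3.1) requires `e` to be an odd integer with `65537 <= e < 2^256`, so "`65537` (or higher)" drops the upper bound and the oddness requirement, and "may choose to reject public keys using a low exponent" gives the integrator no concrete threshold to enforce. I would replace the two sentences with ` * WARNING: This verification algorithm accepts any exponent. FIPS 186-4/5 requires an odd `e` with 65537 <= e < 2^256 (65537 is the default in OpenSSL and most libraries); callers that accept externally supplied public keys should enforce that range, since a very small exponent such as 3 only adds risk.` The comment should also make explicit that the library itself performs no such check, so the reader does not assume the verifier rejects such keys. The documented function's signature and body lie outside this hunk.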