RSA no longer sparks joy. It is an intrinsically fragile crypto system containing countless foot-guns which the average software engineer cannot be expected to avoid. Bad parameters are extremely difficult - if not impossible - to check, and its relatively poor performance encourages developers to take risky shortcuts. Even worse, padding oracle attacks remain rampant 20 years after Bleichenbacher's seminal paper. Folks, it's time to accept it - the only way to securely use RSA is to not use it at all.
Ben Perez is a Security Engineer at Trail of Bits