Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We concentrate on the cases when e ( = N ^α ) satisfies eX − ZY = 1, given |N − Z| = N ^τ . Using the idea of Boneh and Durfee (Eurocrypt 1999, IEEE-IT 2000) we show that the LLL algorithm can be efficiently applied to get Z when |Y| = N ^γ and 𝛾<4𝛼𝜏(14𝜏+112𝛼−(14𝜏+112𝛼)2+12𝛼𝜏(112+𝜏24𝛼−𝛼8𝜏)‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾√). This idea substantially extends the class of weak keys presented by Nitaj (Africacrypt 2008) when Z = ψ(p, q, u, v) = (p − u)(q − v). Further, we consider Z = ψ(p, q, u, v) = N − pu − v to provide a new class of weak keys in RSA. This idea does not require any kind of factorization as used in Nitaj’s work. A very conservative estimate for the number of such weak exponents is N ^{0.75 − ε} , where ε> 0 is arbitrarily small for suitably large N.