[12441] in cryptography@c2.net mail archive
Re: question about rsa encryption
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Feb 3 16:21:52 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Scott G. Kelly" <scott@bstormnetworks.com>
Cc: crypto mailing list <cryptography@wasabisystems.com>
Date: Mon, 03 Feb 2003 15:28:14 -0500
In message <3E3EC816.67907732@bstormnetworks.com>, "Scott G. Kelly" writes:
>I have a question regarding RSA encryption - forgive me if this seems
>amateur-ish -, but 'm still a beginner. I seem to recall reading
>somewhere that there is some issue with directly encrypting data with an
>RSA public key, perhaps some vulnerability, but I can't find any
>reference after a cursory look. Does anyone know of any issue with using
>RSA encryption to encrypt a symmetric key under the target's public key
>if the encrypted value is public (e.g. sent over a network)?
>
Transmitting a private key under RSA encryption can have subtle failure
modes. I suggest that you use a published standard such as OAEP, from
PKCS #1.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
