[12457] in cryptography@c2.net mail archive
Re: question about rsa encryption
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Tue Feb 4 20:25:32 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
To: Matt Crawford <crawdad@fnal.gov>
Cc: bear <bear@sonic.net>,
crypto mailing list <cryptography@wasabisystems.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 04 Feb 2003 13:23:34 -0800
In-Reply-To: <200302041656.h14GukG20403@gungnir.fnal.gov>
Matt Crawford <crawdad@fnal.gov> writes:
> > RSA is subject to blinding attacks and several other failure modes if
> > used without padding. For details on what that means, read the
> > cyclopedia cryptologia article on RSA.
> >
> > http://www.disappearing-inc.com/R/rsa.html
>
> That brings on another amateur question. In that article it says,
> "If the public exponent is less than a quarter of the modulus, RSA
> can be insecure."
>
> Well, the public exponents I've seen range from 17 to 65537. What
> gives? Is this just one of the many weaknesses mitigated by proper
> padding?
Yes. Notice that the next sentence was:
"You should consider padding every block encrypted with RSA
with randomized salt, if you can; 100 bits or more will make
any of these attacks fail completely."
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
