[12462] in cryptography@c2.net mail archive
Re: question about rsa encryption
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Wed Feb 5 10:59:32 2003
X-Original-To: cryptography@wasabisystems.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "Whyte, William" <WWhyte@ntru.com>,
"Matt Crawford" <crawdad@fnal.gov>, "bear" <bear@sonic.net>
Cc: "crypto mailing list" <cryptography@wasabisystems.com>
Date: Wed, 5 Feb 2003 10:03:01 -0500
> > That brings on another amateur question. In that article it says,
> > "If the public exponent is less than a quarter of the modulus, RSA
> > can be insecure."
> >
> > Well, the public exponents I've seen range from 17 to 65537. What
> > gives? Is this just one of the many weaknesses mitigated by proper
> > padding?
>
> This should probably refer to the private exponent.
No, it also applies to the public exponent if the messages you encrypt are
related in a simple way (something like OAEP will make them *not* related
in that simple way and prevent the attack). Funny thing is that the attack is
described in the paper by Boneh that *you* cited, which I also mentioned
in my last post...
There are also attacks on low private exponents, but that's something else
(good randomized padding doesn't prevent that)...
--Anton
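
An added example, not part of the original message: why unpadded RSA with e = 3 fails when two plaintexts differ by a known amount (the Franklin-Reiter related-message case; that this is the attack the post has in mind is an assumption), and why a fresh random pad per encryption removes the relation. The modulus, sample plaintexts and function names are constructed for illustration, and the random prefix is only a stand-in for a randomized padding such as OAEP, not OAEP itself.

```python
import os

# Toy modulus from two well-known special-form primes (unsuitable for real keys).
# Both are congruent to 2 mod 3, so e = 3 is coprime to (P-1)(Q-1).
P = 2**130 - 5
Q = 2**448 - 2**224 - 1
N, E = P * Q, 3

def to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")

def textbook_encrypt(m: int) -> int:
    """Raw RSA with no padding: c = m^e mod N."""
    return pow(m, E, N)

def recover_related(c1: int, c2: int, r: int) -> int:
    """Given c1 = m^3 and c2 = (m + r)^3 mod N with r known, return m.
    c2 + 2*c1 - r^3 = 3m(m^2 + mr + r^2)
    c2 - c1 + 2*r^3 = 3r(m^2 + mr + r^2)
    so r * (first) / (second) = m mod N."""
    num = r * (c2 + 2 * c1 - r**3) % N
    den = (c2 - c1 + 2 * r**3) % N
    return num * pow(den, -1, N) % N

def randomized(msg: bytes) -> int:
    """Stand-in for randomized padding: fresh 16-byte random prefix per message."""
    return to_int(os.urandom(16) + msg)

def demo():
    """Return (recovered_without_padding, recovered_with_random_pad)."""
    msg1 = b"token=9f3c1a77e2b04d58;seq=1"  # constructed sample plaintexts
    msg2 = b"token=9f3c1a77e2b04d58;seq=2"
    m1, m2 = to_int(msg1), to_int(msg2)
    r = m2 - m1  # the simple, publicly guessable relation (here 1)
    raw = recover_related(textbook_encrypt(m1), textbook_encrypt(m2), r)
    # With a random pad the two padded plaintexts no longer differ by r.
    p1, p2 = randomized(msg1), randomized(msg2)
    padded = recover_related(textbook_encrypt(p1), textbook_encrypt(p2), r)
    return raw == m1, padded == p1

if __name__ == "__main__":
    print(demo())
```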