[2884] in cryptography@c2.net mail archive
PKCS#1 Attack Summary, Addendum.
daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Jun 27 00:12:50 1998
Date: Fri, 26 Jun 1998 20:33:33 -0700
To: cypherpunks@cyberpass.net, cryptography@c2.net
From: Bill Stewart <bill.stewart@pobox.com>
[I seem to have sent the preceding message out prematurely...]
RSA's revised PKCS#1 v2 takes a different approach to the problem,
using "Optimal Asymmetric Encryption Padding" (OAEP), which applies
a pseudo-random masking function to the padded data in a manner
based on the plaintext. The data will unmask successfully only if
the string was decrypted successfully, so it doesn't give away any
bits of the real data.
There's some discussion of this in CryptoBytes from Spring 96.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
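As an added illustration (not part of Bill's message, and not RSA's own code), here is a Python sketch of the EME-OAEP encoding that PKCS#1 v2.0 (RFC 2437) specifies, using SHA-1 and MGF1 as the default hash and mask generation function, placed beside the PKCS#1 v1.5 block-type-2 prefix check that Bleichenbacher's attack turns into an oracle. Only the padding layer is shown; the RSA modular exponentiation is omitted, since the padding check is where the two schemes differ. The message bytes and the fixed test seed are constructed for the example; the function names are mine, not the standard's.

```python
import hashlib
import os

# PKCS#1 v2.0 (RFC 2437) specifies SHA-1 and MGF1 as the defaults for EME-OAEP.
HASH = hashlib.sha1
H_LEN = HASH().digest_size  # 20 bytes


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1: concatenate HASH(seed || counter) for counter = 0, 1, ... and truncate."""
    out = b""
    counter = 0
    while len(out) < length:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message: bytes, k: int, label: bytes = b"", seed=None) -> bytes:
    """EME-OAEP: build DB = lHash || PS || 0x01 || M, mask it with a random seed,
    then mask the seed with the masked DB.  k is the RSA modulus length in bytes.
    A caller-supplied seed is for reproducible tests only; never do that in production."""
    if len(message) > k - 2 * H_LEN - 2:
        raise ValueError("message too long")
    l_hash = HASH(label).digest()
    ps = bytes(k - len(message) - 2 * H_LEN - 2)        # zero padding
    db = l_hash + ps + b"\x01" + message
    seed = os.urandom(H_LEN) if seed is None else seed
    masked_db = xor(db, mgf1(seed, k - H_LEN - 1))      # mask depends on the seed
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))     # seed mask depends on the data
    return b"\x00" + masked_seed + masked_db


def oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """Reverse the masking, then check lHash, the 0x01 separator and the leading 0x00.
    Every failure raises the same error: no part of DB is checkable until the whole
    block has been unmasked, so a wrong or partial decryption has nothing to compare."""
    if len(em) != k:
        raise ValueError("decryption error")
    y, masked_seed, masked_db = em[0], em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    db = xor(masked_db, mgf1(seed, k - H_LEN - 1))
    l_hash_prime, rest = db[:H_LEN], db[H_LEN:]
    sep = rest.find(b"\x01")
    ok = (y == 0 and l_hash_prime == HASH(label).digest()
          and sep >= 0 and rest[:sep] == bytes(sep))
    if not ok:
        raise ValueError("decryption error")
    return rest[sep + 1:]


def count_accepted_corruptions(em: bytes, k: int) -> int:
    """Flip one bit in each byte of an encoded block and count how many corrupted
    blocks the decoder still accepts.  Any change to the seed or the masked DB
    scrambles lHash and the separator, so the expected count is 0."""
    accepted = 0
    for i in range(k):
        bad = bytearray(em)
        bad[i] ^= 0x01
        try:
            oaep_decode(bytes(bad), k)
            accepted += 1
        except ValueError:
            pass
    return accepted


# For contrast: the PKCS#1 v1.5 block type 2 format that the attack exploits.
def pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    if len(message) > k - 11:
        raise ValueError("message too long")
    ps = bytes(b or 1 for b in os.urandom(k - len(message) - 3))  # random non-zero bytes
    return b"\x00\x02" + ps + b"\x00" + message


def pkcs1_v15_conforming(em: bytes) -> bool:
    """The first thing a v1.5 decryptor checks.  It depends only on the top two bytes
    of the decrypted value, so a yes/no answer reveals those bytes of an arbitrary
    chosen ciphertext's decryption; that yes/no is the oracle Bleichenbacher uses."""
    return len(em) >= 11 and em[:2] == b"\x00\x02"


if __name__ == "__main__":
    k = 128  # 1024-bit modulus
    em = oaep_encode(b"attack at dawn", k)
    print(oaep_decode(em, k))                                           # b'attack at dawn'
    print(count_accepted_corruptions(em, k))                            # 0
    print(pkcs1_v15_conforming(pkcs1_v15_encode(b"attack at dawn", k)))  # True
    print(pkcs1_v15_conforming(b"\x00\x02" + os.urandom(k - 2)))        # True: the prefix alone decides
```

The last line is the whole point of the contrast: a v1.5 decryptor answers "conforming" from two bytes of the decrypted value without looking at the rest, whereas the OAEP decoder cannot say anything until the entire block has been unmasked and hashed. One caveat a practitioner should keep in mind: this sketch is not constant-time, and its checks short-circuit; Manger showed in 2001 that an OAEP decoder which lets the caller tell the leading-byte check apart from the lHash check (by error code or timing) leaks too, so a real implementation must fold all checks into a single constant-time result.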