question about rsa encryption
Eric Rescorla
ekr at rtfm.com
Tue Feb 4 16:23:34 EST 2003
Matt Crawford <crawdad at fnal.gov> writes:
> > RSA is subject to blinding attacks and several other failure modes if
> > used without padding. For details on what that means, read the
> > cyclopedia cryptologia article on RSA.
> >
> > http://www.disappearing-inc.com/R/rsa.html
>
> That brings on another amateur question. In that article it says,
> "If the public exponent is less than a quarter of the modulus, RSA
> can be insecure."
>
> Well, the public exponents I've seen range from 17 to 65537. What
> gives? Is this just one of the many weaknesses mitigated by proper
> padding?
Yes. Notice that the next sentence was:
"You should consider padding every block encrypted with RSA
with randomized salt, if you can; 100 bits or more will make
any of these attacks fail completely."
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list