crypto for the average programmer

Alexander Klimov alserkli at inbox.ru
Mon Dec 12 11:15:05 EST 2005


On Mon, 12 Dec 2005, Travis H. wrote:
> In Peter Gutmann's godzilla cryptography tutorial, he has some really
> good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
> I learned a few no-nos, such as not sending the same message to 3
> separate users in RSA (if using 3 as an encryption exponent).

Probably you have misunderstood it: if you do it correctly (e.g.,
use some standard method like RSAES-OAEP or even RSAES-PKCS1-v1_5)
you can send the same message to 3 (or whatever) separate users
without any bad consequences. The problem appears if you use some
non-standard method, e.g., plain RSA (c = m^e \pmod n).

> My question is, what is the layperson supposed to do, if they must
> use crypto and can't use an off-the-shelf product?

This is quite simple: get some respected standard (see, e.g.,
NIST <http://csrc.nist.gov/CryptoToolkit/> or
PKCS <http://www.rsasecurity.com/rsalabs/node.asp?id=2124>) and
implement it exactly. Interoperability is a bonus :-)
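As an added example, not code from the original post or from any library, the two points above carried through in Python: RSAES-OAEP written directly from RFC 8017 (the current PKCS #1 text) with SHA-256, beside plain RSA c = m^e mod n. The 1024-bit demo key size, the simple Miller-Rabin prime test and the sample message are assumptions made so the block runs stand-alone; the run shows that plain RSA returns the same ciphertext every time, while OAEP's fresh random seed makes repeated encryptions of one message differ and still decrypt correctly.

```python
# RSAES-OAEP built from RFC 8017 (the current PKCS #1), SHA-256 throughout.
# Added example, not code from the post. Demo key size only (1024 bits).
import hashlib
import secrets

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # 32 bytes

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function (RFC 8017 appendix B.2.1)."""
    out = b"".join(HASH(seed + i.to_bytes(4, "big")).digest()
                   for i in range((length + H_LEN - 1) // H_LEN))
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(message: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP encoding (section 7.1.1, step 2); returns the k-byte EM."""
    if len(message) > k - 2 * H_LEN - 2:
        raise ValueError("message too long")
    db = (HASH(label).digest() + b"\x00" * (k - len(message) - 2 * H_LEN - 2)
          + b"\x01" + message)
    seed = secrets.token_bytes(H_LEN)  # fresh per encryption: no two EMs repeat
    masked_db = xor(db, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP decoding (section 7.1.2, step 3). The standard requires that a
    caller cannot learn which check failed, so all checks share one error."""
    if len(em) != k or k < 2 * H_LEN + 2:
        raise ValueError("decryption error")
    y, masked_seed, masked_db = em[0], em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    db = xor(masked_db, mgf1(seed, k - H_LEN - 1))
    i = H_LEN  # skip lHash, then the zero padding PS, up to the 0x01 separator
    while i < len(db) and db[i] == 0:
        i += 1
    ok = y == 0
    ok &= secrets.compare_digest(db[:H_LEN], HASH(label).digest())
    ok &= i < len(db) and db[i] == 1
    if not ok:
        raise ValueError("decryption error")
    return db[i + 1:]

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin; adequate for a demo, not a substitute for a real library."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_key(bits: int = 1024, e: int = 3) -> tuple:
    """Returns (n, e, d) for a prime e. 1024 bits keeps the demo fast; use 2048+."""
    def prime(b):
        while True:
            p = secrets.randbits(b) | (1 << (b - 1)) | 1
            if p % e != 1 and is_probable_prime(p):  # keeps e invertible mod p-1
                return p
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # pow(e, -1, m): Python 3.8+

def encrypt_plain(m: int, n: int, e: int) -> int:
    """Plain RSA, c = m^e mod n, as named in the post: deterministic, no randomness."""
    return pow(m, e, n)

def encrypt_oaep(message: bytes, n: int, e: int) -> bytes:
    """RSAES-OAEP-ENCRYPT: EME-OAEP padding, then the RSAEP primitive."""
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(oaep_encode(message, k), "big")
    return pow(em, e, n).to_bytes(k, "big")

def decrypt_oaep(ciphertext: bytes, n: int, d: int) -> bytes:
    """RSAES-OAEP-DECRYPT: the RSADP primitive, then EME-OAEP decoding."""
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(ciphertext, "big")
    if len(ciphertext) != k or c >= n:
        raise ValueError("decryption error")
    return oaep_decode(pow(c, d, n).to_bytes(k, "big"), k)

if __name__ == "__main__":
    n, e, d = generate_key()
    msg = b"the same message, sent to every recipient"  # constructed sample
    m = int.from_bytes(msg, "big")
    print("plain RSA repeats:", encrypt_plain(m, n, e) == encrypt_plain(m, n, e))
    c1, c2 = encrypt_oaep(msg, n, e), encrypt_oaep(msg, n, e)
    print("OAEP repeats:", c1 == c2, "decrypts:", decrypt_oaep(c1, n, d) == msg)
```

Two details matter more than they look. The decoder deliberately folds every check into a single "decryption error", because the standard warns that distinguishing a bad first byte from a bad label hash or separator gives an observer an oracle; and the encoder's per-call seed is exactly what removes the relation between ciphertexts of one message under different keys that the post mentions for plain RSA. Following the post's own advice, a deployed system should take all of this from a maintained library rather than from a block like this one.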

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com