Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

Peter Gutmann pgut001 at
Thu Sep 17 01:20:33 EDT 2009

"Kevin W. Wall" <kevin.w.wall at> writes:

>(Obviously some of these padding schemes such as OAEP are not suitable with
>symmetric ciphers. Or at least I don't think they are.)

You'd be surprised at what JCE developers will implement just because they
can, and what therefore gets used by application developers.  I've seen 
RSA-CBC used on more than one occasion.

(No, that's not a typo, RSA in CBC mode.  The app developers wondered why it
was so slow).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list