Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

Jerry Leichter leichter at
Thu Sep 17 20:35:45 EDT 2009

On Sep 17, 2009, at 1:20 AM, Peter Gutmann wrote:

> "Kevin W. Wall" <kevin.w.wall at> writes:
>> (Obviously some of these padding schemes such as OAEP are not  
>> suitable with
>> symmetric ciphers. Or at least I don't think they are.)
> You'd be surprised at what JCE developers will implement just  
> because they
> can, and what therefore gets used by application developers.  I've  
> seen
> RSA-CBC used on more than one occasion.
> (No, that's not a typo, RSA in CBC mode.  The app developers  
> wondered why it
> was so slow).
Interesting.  It sounds as if the JCE developers have gone from one  
extreme to another.  I no longer remember the details, but a number of  
years back, in a project I was involved with, we needed to implement  
some particular (sane) combination of a cipher and a mode.  JCE at the  
time had a fixed list of combinations it was willing to let you use;  
ours wasn't on that list.  "ECB" wasn't an accepted mode, so it wasn't  
easy to build your own mode out of what the API provided.
                                                         -- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list