RSA question
Perry E. Metzger
perry at piermont.com
Wed Sep 1 13:48:10 EDT 2010
On Tue, 31 Aug 2010 09:20:53 -0700 Justin Ferguson
<jnferguson at gmail.com> wrote:
> Hi,
>
> Correct me if I am wrong, but my understanding is that the padding
> scheme is the only thing that keeps the ciphertext from being
> deterministic. Thus without it, the attacker could generate
> ciphertexts until their ciphertext matched the real one. My question
> is mostly how much does the lack of/determinism in padding help the
> attacker? Or is this the same as more or less brute forcing with the
> padding?
The function of the padding is to prevent chosen ciphertext
attacks as well. Those are very feasible in the absence of padding.
I'm surprised no one has chimed in so far to mention this.
Padding prevents other attacks including attacks on common exponents.
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list