[cryptography] RSA question
James A. Donald
jamesd at echeque.com
Tue Aug 31 13:07:26 EDT 2010
On 2010-08-31 5:07 PM, Justin Ferguson wrote:
> Hi,
>
> I'm not really much of a crypto guy so when the details come up it's
> often kind of hard for me to entirely wrap my head around. That said,
> I'm currently dealing with a situation where the public key,
> plain-text and cipher-text are all known to an attacker; furthermore,
> the random oracles/et cetera employed during the OEAP scheme are also
> known to the attacker. Furthermore, the attacker can modify those
> values (id est random oracle values of zero, or whatever the attacker
> wants) and repeat the plain-text to cipher-text process as they see
> fit. Furthermore, the key length exceeds the length of the message.
> Basically, only the private key is not under the attackers control.
>
>> From that, what I am getting is that this is virtually the same as RSA
> without the padding scheme and should be vulnerable due to it being a
> deterministic algorithm; however my question is how much does it
> really reduce the complexity? Is an attack against this even feasible
> in any practical terms?
RSA allows anyone to encrypt anything they choose using Alice's public
key, but only Alice can decrypt, for she alone has the private key.
What the attacker can do, on seeing an encrypted message, and wishing to
decrypt it, is guess all likely plain texts, and try them.
To prevent this, the message must be unguessable. It must contain a
large secret random number, (padding) or else must *be* a large secret
random number.
The usual procedure is to generate a large random number, encrypt it
using RSA, and use this secret number to symmetrically encrypt the
actual message.
The answer to your question is a question: Are you RSA encrypting a
secret, and if you are, is the secret sufficiently random?
More information about the cryptography
mailing list