[cryptography] any reason to prefer one java crypto library over another

ianG iang at iang.org
Wed Jan 30 04:27:22 EST 2013

On 30/01/13 06:36 AM, Kevin W. Wall wrote:

> And add to that the recent thread about OAEP weakness with RSA,

(on that other thread, I remain unconvinced either way, but I'm reading 
each post with interest, many times.  Thanks to all!)

> I'd say there are no secure padding schemes for RSA encryption, at
> least in SunJCE. (I've not checked what Bouncy Castle has to offer.)

In looking at BC's lightweight (non-JCE) library, I see OAEP, PKCS1, 
ISO9796d1 and two versions for blinding (thanks Adam for that 
description of why we want to use blinding, it had me confused...).


More information about the cryptography mailing list