17 Dec
2003
17 Dec
'03
11:17 p.m.
From: Phil Karn <karn@unix.ka9q.ampr.org> Isn't it common practice to pad out a plaintext block with random garbage to the size of the modulus before you RSA-encrypt it? [...] Wouldn't this thwart the kind of attack you describe? It would, but not having ever applied for a 15-day CJ, I can't speak to the details of what the implementations actually do. Perhaps they permit random padding, perhaps not. It's certainly possible that the padding is required to be fixed; that certainly in the style of NSA 'requests' for 'features'. Can anybody here shed some light on the subject? Eric