A similar approach enabled Bleichenbacher's SSL attack on RSA with PKCS#1 padding. This sounds very dangerous to me. William

-----Original Message----- From: owner-cryptography@metzdowd.com [mailto:owner-cryptography@metzdowd.com] On Behalf Of cyphrpunk Sent: Friday, October 28, 2005 5:07 AM To: cypherpunks@jfet.org; cryptography@metzdowd.com Subject: Re: [smb@cs.columbia.edu: Skype security evaluation]

Wasn't there a rumor last year that Skype didn't do any encryption padding, it just did a straight exponentiation of the plaintext?

Would that be safe, if as the report suggests, the data being encrypted is 128 random bits (and assuming the encryption exponent is considerably bigger than 3)? Seems like it's probably OK. A bit risky perhaps to ride bareback like that but I don't see anything inherently fatal.

CP

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com