Thoughts on 15 day CJ crypto

Eric Hughes eric at remailer.net
Sat Dec 24 08:50:02 PST 1994


   From: Phil Karn <karn at unix.ka9q.ampr.org>

   Isn't it common practice to pad out a plaintext block with random
   garbage to the size of the modulus before you RSA-encrypt it?
   [...]
   Wouldn't this thwart the kind of attack you describe?

It would, but not having ever applied for a 15-day CJ, I can't speak
to the details of what the implementations actually do.  Perhaps they
permit random padding, perhaps not.  It's certainly possible that the
padding is required to be fixed; that's certainly in the style of NSA
'requests' for 'features'.

Can anybody here shed some light on the subject?

Eric
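
The difference between fixed and random padding raised in this message, as an added example that is not part of the original post. The attack itself is not quoted here, so the code assumes the standard concern: with fixed padding RSA encryption is deterministic, and anyone holding the public key can confirm a guessed plaintext by re-encrypting it. The toy key, the block layout (modelled on PKCS #1 v1.5) and all function names are constructed for illustration.

```python
import secrets

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus size in bytes


def pad(msg: bytes, random_pad: bool) -> bytes:
    """Pad msg out to the modulus size: 00 02 <nonzero filler> 00 <msg>."""
    n_fill = K - 3 - len(msg)
    if n_fill < 8:
        raise ValueError("message too long for this modulus")
    if random_pad:
        # Fresh nonzero random bytes for every encryption.
        fill = bytes(secrets.randbelow(255) + 1 for _ in range(n_fill))
    else:
        # Fixed filler: the same block, and so the same ciphertext, every time.
        fill = b"\xff" * n_fill
    return b"\x00\x02" + fill + b"\x00" + msg


def encrypt(msg: bytes, random_pad: bool) -> int:
    return pow(int.from_bytes(pad(msg, random_pad), "big"), E, N)


def decrypt(ciphertext: int) -> bytes:
    block = pow(ciphertext, D, N).to_bytes(K, "big")
    if block[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    # The filler has no zero bytes, so the first zero after it is the separator.
    return block[block.index(b"\x00", 2) + 1:]


def guess_confirmed(ciphertext: int, guess: bytes, random_pad: bool) -> bool:
    """What a holder of only the public key can check: re-encrypt and compare."""
    return encrypt(guess, random_pad) == ciphertext


if __name__ == "__main__":
    session_key = bytes.fromhex("0123456789")  # constructed 40-bit value
    for mode in (False, True):
        c = encrypt(session_key, mode)
        print("random" if mode else "fixed ", "padding: guess confirmed =",
              guess_confirmed(c, session_key, mode))
```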





