Matt Crawford <[EMAIL PROTECTED]> writes:
> > RSA is subject to blinding attacks and several other failure modes if
> > used without padding. For details on what that means, read the
> > cyclopedia cryptologia article on RSA.
> >
> > http://www.disappearing-inc.com/R/rsa.html
>
> That brings on another amateur question. In that article it says,
> "If the public exponent is less than a quarter of the modulus, RSA
> can be insecure."
>
> Well, the public exponents I've seen range from 17 to 65537. What
> gives? Is this just one of the many weaknesses mitigated by proper
> padding?
Yes. Notice that the next sentence was:
"You should consider padding every block encrypted with RSA
with randomized salt, if you can; 100 bits or more will make
any of these attacks fail completely."
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
