On Mon, 12 Dec 2005, Travis H. wrote:

> In Peter Gutmann's godzilla cryptography tutorial, he has some really
> good (though terse) advice on subtle gotchas in using DH/RSA/Elgamal.
> I learned a few no-nos, such as not sending the same message to 3
> separate users in RSA (if using 3 as an encryption exponent).
Probably you have misunderstood it: if you do it correctly (e.g., use some standard method like RSAES-OAEP or even RSAES-PKCS1-v1_5) you can send the same message to 3 (or whatever) separate users without any bad consequences. The problem appears if you use some non-standard method, e.g., plain RSA (c = m^e \pmod n).

> My question is, what is the layperson supposed to do, if they must
> use crypto and can't use an off-the-shelf product?

This is quite simple: get some respected standard (see, e.g., NIST <http://csrc.nist.gov/CryptoToolkit/> or PKCS <http://www.rsasecurity.com/rsalabs/node.asp?id=2124>) and implement it exactly. Interoperability is a bonus :-)

--
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
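The failure mode the reply points at, as an added example that is not part of the original thread: with plain RSA (c = m^e mod n), e = 3, and the same m sent to three recipients, an eavesdropper combines the three ciphertexts with the Chinese remainder theorem to obtain m^3 as an ordinary integer (no reduction, since m^3 is below the product of the moduli) and takes an exact integer cube root. This is Håstad's broadcast attack. The same code then shows that making each recipient's plaintext different, by appending fresh random bits per recipient, leaves the CRT value as a non-cube and the attack recovers nothing. Everything below (the Miller-Rabin key generation, the integer root, the padding helper, the message sizes) is my own illustrative code; the padding is a toy stand-in chosen only to make the plaintexts differ and is not RSAES-OAEP, which is what real code should take from a vetted library as the reply says.

```python
"""Added illustration: Hastad's broadcast attack on textbook RSA (e = 3) and
why per-recipient randomized encoding defeats it.  Not the original post's
code; keys, messages and the toy padding are constructed for the demo."""
import math
import random
import secrets

SMALL_PRIMES = [p for p in range(3, 200) if all(p % q for q in range(2, p))]


def is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, e):
    """Random prime of the requested size with gcd(e, p - 1) == 1, so that e
    is a valid public exponent for any modulus built from it."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if math.gcd(e, p - 1) == 1 and is_probable_prime(p):
            return p


def gen_rsa_key(bits=512, e=3):
    """Returns (n, e, d).  Textbook key generation, sized for a demo only."""
    p = gen_prime(bits // 2, e)
    q = gen_prime(bits // 2, e)
    while q == p:
        q = gen_prime(bits // 2, e)
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)


def rsa_encrypt_textbook(m, n, e):
    """Plain RSA, c = m^e mod n: the non-standard method the reply warns about."""
    assert 0 <= m < n
    return pow(m, e, n)


def rsa_decrypt_textbook(c, n, d):
    return pow(c, d, n)


def pad_randomized(m, msg_bits, pad_bits):
    """Toy stand-in for a randomized encoding: append fresh random bits so each
    recipient's plaintext is distinct.  NOT RSAES-OAEP; demo use only."""
    assert m < (1 << msg_bits)
    return (m << pad_bits) | secrets.randbits(pad_bits)


def iroot(x, e):
    """Largest integer r with r**e <= x (binary search, exact on big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // e + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** e <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def crt(residues, moduli):
    """Chinese remainder theorem for pairwise coprime moduli: (x, N)."""
    N = math.prod(moduli)
    x = 0
    for c, n in zip(residues, moduli):
        Ni = N // n
        x += c * Ni * pow(Ni, -1, n)
    return x % N, N


def hastad_broadcast(cts, moduli, e=3):
    """Given e textbook ciphertexts of the SAME m under e coprime moduli, CRT
    yields m^e as a plain integer (m^e < n1*...*ne) and an exact e-th root
    gives m.  Returns None when the combined value is not a perfect e-th
    power, which is what happens when the plaintexts were not identical."""
    assert len(cts) == len(moduli) == e
    for i in range(e):
        for j in range(i + 1, e):
            assert math.gcd(moduli[i], moduli[j]) == 1, "moduli must be coprime"
    x, _ = crt(cts, moduli)
    root = iroot(x, e)
    return root if root ** e == x else None


def run_demo(bits=512, e=3, msg_bits=400, pad_bits=100):
    """Returns (m, recovered_from_textbook, recovered_from_padded).
    Sizes are chosen so that m^e exceeds every single modulus (a lone
    ciphertext is not just m^e) but m^e < n1*n2*n3, and padded m < n."""
    keys = [gen_rsa_key(bits, e) for _ in range(e)]
    moduli = [n for n, _, _ in keys]
    m = secrets.randbits(msg_bits) | (1 << (msg_bits - 1))
    assert m ** e > max(moduli) and m ** e < math.prod(moduli)

    # Same m to all three recipients under plain RSA: broken.
    cts = [rsa_encrypt_textbook(m, n, e) for n in moduli]
    assert all(rsa_decrypt_textbook(c, n, d) == m for c, (n, _, d) in zip(cts, keys))
    recovered = hastad_broadcast(cts, moduli, e)

    # Same m, but each recipient gets a differently randomized plaintext:
    # the CRT value is no longer a perfect cube and the attack yields nothing.
    padded_cts = [rsa_encrypt_textbook(pad_randomized(m, msg_bits, pad_bits), n, e)
                  for n in moduli]
    recovered_padded = hastad_broadcast(padded_cts, moduli, e)
    return m, recovered, recovered_padded


if __name__ == "__main__":
    m, rec, rec_pad = run_demo()
    print("plain RSA, same m to 3 recipients:", "recovered m" if rec == m else "failed")
    print("randomized plaintext per recipient:", "recovered" if rec_pad is not None else "failed")
```

The attack needs only public data (three moduli and three ciphertexts), which is the practical point: the sender alone decides whether the broadcast is safe, by using a standard randomized encoding. The toy padding here fails the moment padding bits are short or reused, which is one reason to implement RSAES-OAEP exactly as specified rather than improvise.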
