On 2010-08-31 5:07 PM, Justin Ferguson wrote:
Hi,
I'm not really much of a crypto guy so when the details come up it's
often kind of hard for me to entirely wrap my head around. That said,
I'm currently dealing with a situation where the public key,
plain-text and cipher-text are all known to an attacker; furthermore,
the random oracles/et cetera employed during the OEAP scheme are also
known to the attacker. Furthermore, the attacker can modify those
values (id est random oracle values of zero, or whatever the attacker
wants) and repeat the plain-text to cipher-text process as they see
fit. Furthermore, the key length exceeds the length of the message.
Basically, only the private key is not under the attackers control.
From that, what I am getting is that this is virtually the same as RSA
without the padding scheme and should be vulnerable due to it being a
deterministic algorithm; however my question is how much does it
really reduce the complexity? Is an attack against this even feasible
in any practical terms?
RSA allows anyone to encrypt anything they choose using Alice's public
key, but only Alice can decrypt, for she alone has the private key.
What the attacker can do, on seeing an encrypted message, and wishing to
decrypt it, is guess all likely plain texts, and try them.
To prevent this, the message must be unguessable. It must contain a
large secret random number, (padding) or else must *be* a large secret
random number.
The usual procedure is to generate a large random number, encrypt it
using RSA, and use this secret number to symmetrically encrypt the
actual message.
The answer to your question is a question: Are you RSA encrypting a
secret, and if you are, is the secret sufficiently random?
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
