On Fri, Nov 09, 2012 at 09:36:41AM -0800, Morlock Elloi wrote:
As long as each encryption of the same plaintext yields the same
ciphertext, indexing works. However, the space is tight - plaintext size
is close to the cipher capacity.
is there an inferred "so we have no space to pad the plaintext" there?
BTW, the same plaintext is never encrypted with different keys, so CRT
doesn't work.
Well that maybe, but without padding RSA(a)*RSA(b) == RSA(a*b) so the
attacker can create fake data or test values by using multiplication.
eg values a,b,c,d, etc
He can create new values k*a for any integer k (as encryption is public)
RSA(k*a) = RSA(k)*RSA(a); he can test multiples.. RSA(b) =? RSA(k)*RSA(a)
he can compare values with multiples of other values: RSA(c) =?
RSA(a)*RSA(b) and any variation thereof.
With some knowledge of the domain of the values, and given arbitrary known
plaintext-ciphertext pairs (being public key crypto) thats a fair amount of
rope for an attacker to play with.
Not ECB, but its something else fragile with its own problems...
Adam
Do you do any padding? If not you might be vulnerable
to multiplication because:
RSA(a)*RSA(b) == RSA(a*b)
and if you are doing padding (eg with random inputs if any
seeded by the
plaintext and a fixed secrete seed), then you need
rigorously verify the
padding on decrypt or the padding may not defend against
multiplication.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
