Thanks.

-----Original Message-----
From: Michael Hunley [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 09, 2003 5:23 AM
To: [EMAIL PROTECTED]
Subject: RE: Dumb question.


At 12:30 PM 4/8/2003 -0700, you wrote:

>Yeh, you mean read and write in chunks like you do in stdio. But to make 
>it secure, you need to add some random data to the message, or successive 
>messages can open you to differential attacks, no?


RSA takes an RNG, which you should be passing as a param when you 
instantiate the Encrypt/Decrypt object (Are you using 5.1?).  The 
difference in fixedMaxPlainTextLength and the fixedMaxCipherTextLength is 
the random padding that makes two encryptions of the same message 
completely different.  So, you are adding your own "noise" in, which is 
fine, but should not be necessary.

michael

Reply via email to