What bloody object does the fixMaxPlainTextLength method BELONG to? *sweat* It's not the key, its not the encryptor (??) apparently. I'd expect the latter.
-----Original Message----- From: Michael Hunley [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2003 5:23 AM To: [EMAIL PROTECTED] Subject: RE: Dumb question. At 12:30 PM 4/8/2003 -0700, you wrote: >Yeh, you mean read and write in chunks like you do in stdio. But to make >it secure, you need to add some random data to the message, or successive >messages can open you to differential attacks, no? RSA takes an RNG, which you should be passing as a param when you instantiate the Encrypt/Decrypt object (Are you using 5.1?). The difference in fixedMaxPlainTextLength and the fixedMaxCipherTextLength is the random padding that makes two encryptions of the same message completely different. So, you are adding your own "noise" in, which is fine, but should not be necessary. michael
