On 2011-03-03 16:01, rachid baih wrote: > Take any number c ( rsa encrypted message) You can continue encrypting > process (with rsa function ) > no matter what number c you start with, you will always eventually > reach m the decrypted message.
This amounts to just a very inefficient way to do a brute-force search for d. Billy O'Neal wrote: > there's no way for the attacker to know when they've cycled back around > to the message text, unless (s)he can control what the plaintext message is. That's not the problem. For secure RSA padding schemes you could recognize a valid plaintext easily enough, if it were feasible to do the number of encryptions required, which it isn't. -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
signature.asc
Description: OpenPGP digital signature
