> I am not sure it is the right explaination : I think that I don't
> generate a symetric key.
> In fact, it would be true if I used the EVP interface. But I use the
> "low-level" function which directly encrypt (RSA_public_encrypt).
>
> So, my question was :
> Why the encrypted data seem random ?
If it didn't, it wouldn't be secure. Imagine if you have a scheme where one
person says encrypted replies to the other. Sometimes the reply is 'yes' and
sometimes it's 'no'. Imagine also that an attacker can tell whether it was
'yes' or 'no' the next day, maybe the question is 'should we attack today?'.
If every 'no' encrypted to the same thing, the attacker would just have to
wait for the reply to change, and then he'd know that he was going to be
attacked today. That wouldn't be very secure.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
