1996-01-26 - Re: Lotus Notes

Header Data

From: Simon Spero <ses@tipper.oit.unc.edu>
To: JMKELSEY@delphi.com
Message Hash: d0c6e05d5121e69228d93a2e177c5f1330b0b7427daa8fe0009c502a549531e4
Message ID: <Pine.SOL.3.91.960125230335.2084A-100000@chivalry>
Reply To: <01I0FXJK293C9DCXJ9@delphi.com>
UTC Datetime: 1996-01-26 09:10:01 UTC
Raw Date: Fri, 26 Jan 1996 17:10:01 +0800

Raw message

From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Fri, 26 Jan 1996 17:10:01 +0800
To: JMKELSEY@delphi.com
Subject: Re: Lotus Notes
In-Reply-To: <01I0FXJK293C9DCXJ9@delphi.com>
Message-ID: <Pine.SOL.3.91.960125230335.2084A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


[Birthday paradoxing to get test for non-random padding]

> simply generating a few thousand messages (maybe six or seven
> thousand, to be safe), and seeing whether or not we ever get a
> duplicate LEAF. We expect to, after about 2^12 encryptions, if

If you were to try this, you'd probably want to try around 12,000 to 
reach the 95% confidence interval. However, I seriously doubt that this 
is going to be the case; they're using BSAFE, which does random padding 
to PKCS1 in just about all its RSA modes.  The only people Lotus could 
hire to get it that wrong probably have too much tied up in options to be 
easily head-hunted.

Simon
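
Added example, not part of the original message: a sketch of the duplicate test discussed above, giving the chance of seeing a repeated field for a given number of messages and simulating the test against fixed and random padding. The 24-bit value space is an assumption inferred from the quoted "about 2^12" figure, and both field generators are constructed stand-ins, not Lotus or BSAFE code.

```python
import math
import random

SPACE_BITS = 24  # assumption: inferred from the quoted "about 2^12" (sqrt of 2^24)

def collision_probability(n, space_bits=SPACE_BITS):
    """Birthday approximation: chance that n uniform draws contain a repeat."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * 2 ** space_bits))

def samples_for_confidence(p, space_bits=SPACE_BITS):
    """Smallest n whose collision probability reaches p."""
    target = 2.0 * 2 ** space_bits * math.log(1.0 / (1.0 - p))
    n = math.ceil((1 + math.sqrt(1 + 4 * target)) / 2)
    while collision_probability(n - 1, space_bits) >= p:  # guard float rounding
        n -= 1
    while collision_probability(n, space_bits) < p:
        n += 1
    return n

def first_duplicate(make_field, limit):
    """Number of fields collected when the first repeat appears, else None."""
    seen = set()
    for count in range(1, limit + 1):
        field = make_field()
        if field in seen:
            return count
        seen.add(field)
    return None

def make_sources(seed=1996, pad_bits=64):
    """Two constructed field generators sharing one seeded RNG."""
    rng = random.Random(seed)
    # Fixed padding: the field is a deterministic function of the hidden
    # value, so equal values give equal fields; compare the values directly.
    fixed = lambda: rng.getrandbits(SPACE_BITS)
    # Random padding: fresh pad bits per message make repeats negligible.
    padded = lambda: (rng.getrandbits(SPACE_BITS), rng.getrandbits(pad_bits))
    return fixed, padded

if __name__ == "__main__":
    for n in (4096, 7000, 12000):
        print(n, round(collision_probability(n), 4))
    print("n for 95%:", samples_for_confidence(0.95))
    fixed, padded = make_sources()
    print("fixed padding, first repeat at:", first_duplicate(fixed, 40000))
    print("random padding, first repeat at:", first_duplicate(padded, 40000))
```

A repeat within a few thousand messages points to deterministic padding; no repeat across the whole sample is what random padding should produce.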




