From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: b91e9ddcb67c33e6cfe2962be112b89726d605cace93d899d449a9a271baaa85
Message ID: <199412241747.JAA21620@largo.remailer.net>
Reply To: <199412241111.DAA01099@unix.ka9q.ampr.org>
UTC Datetime: 1994-12-24 16:50:02 UTC
Raw Date: Sat, 24 Dec 94 08:50:02 PST
From: eric@remailer.net (Eric Hughes)
Date: Sat, 24 Dec 94 08:50:02 PST
To: cypherpunks@toad.com
Subject: Re: Thoughts on 15 day CJ crypto
In-Reply-To: <199412241111.DAA01099@unix.ka9q.ampr.org>
Message-ID: <199412241747.JAA21620@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain
From: Phil Karn <karn@unix.ka9q.ampr.org>
Isn't it common practice to pad out a plaintext block with random
garbage to the size of the modulus before you RSA-encrypt it?
[...]
Wouldn't this thwart the kind of attack you describe?
It would, but not having ever applied for a 15-day CJ, I can't speak
to the details of what the implementations actually do. Perhaps they
permit random padding, perhaps not. It's certainly possible that the
padding is required to be fixed; that certainly in the style of NSA
'requests' for 'features'.
Can anybody here shed some light on the subject?
Eric
Return to December 1994
Return to “Phil Karn <karn@unix.ka9q.ampr.org>”