1994-12-24 - Re: Thoughts on 15 day CJ crypto

Header Data

From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: b91e9ddcb67c33e6cfe2962be112b89726d605cace93d899d449a9a271baaa85
Message ID: <199412241747.JAA21620@largo.remailer.net>
Reply To: <199412241111.DAA01099@unix.ka9q.ampr.org>
UTC Datetime: 1994-12-24 16:50:02 UTC
Raw Date: Sat, 24 Dec 94 08:50:02 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Sat, 24 Dec 94 08:50:02 PST
To: cypherpunks@toad.com
Subject: Re: Thoughts on 15 day CJ crypto
In-Reply-To: <199412241111.DAA01099@unix.ka9q.ampr.org>
Message-ID: <199412241747.JAA21620@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: Phil Karn <karn@unix.ka9q.ampr.org>

   Isn't it common practice to pad out a plaintext block with random
   garbage to the size of the modulus before you RSA-encrypt it?
   [...]
   Wouldn't this thwart the kind of attack you describe?

It would, but not having ever applied for a 15-day CJ, I can't speak
to the details of what the implementations actually do.  Perhaps they
permit random padding, perhaps not.  It's certainly possible that the
padding is required to be fixed; that's certainly in the style of NSA
'requests' for 'features'.

Can anybody here shed some light on the subject?

Eric
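
The point raised in the quoted question, as an added example (not part of the original message and not taken from any implementation discussed in the thread): with fixed padding, RSA encryption is deterministic, so anyone holding the public key can re-encrypt a guessed plaintext and compare it with the ciphertext, while random padding makes every encryption of the same plaintext differ. The toy key, the sample plaintext and the simplified block layout (modelled on PKCS #1 v1.5) are assumptions made for illustration.

```python
import secrets

# Constructed toy key (assumption): product of two Mersenne primes, far too
# small for real use but large enough to hold a short padded block.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus size in bytes (19 here)

def pad(msg: bytes, random_pad: bool) -> bytes:
    """Fill the block to the modulus size: 00 || filler || 00 || msg."""
    n_fill = K - 2 - len(msg)
    if n_fill < 8:
        raise ValueError("message too long for this modulus")
    if random_pad:
        # Non-zero random bytes, so the 00 separator stays unambiguous.
        filler = bytes(secrets.randbelow(255) + 1 for _ in range(n_fill))
    else:
        filler = b"\xff" * n_fill   # fixed padding: same block every time
    return b"\x00" + filler + b"\x00" + msg

def encrypt(msg: bytes, random_pad: bool) -> int:
    return pow(int.from_bytes(pad(msg, random_pad), "big"), E, N)

def decrypt(c: int) -> bytes:
    block = pow(c, D, N).to_bytes(K, "big")
    return block[block.index(b"\x00", 1) + 1:]   # strip 00 || filler || 00

def guess_confirmed(c: int, guess: bytes, random_pad: bool) -> bool:
    """Public-key-only check: re-encrypt a guessed plaintext and compare."""
    return encrypt(guess, random_pad) == c

SECRET = b"\x13\x37\xc0\xde\x42"   # constructed sample plaintext

if __name__ == "__main__":
    for random_pad in (False, True):
        c = encrypt(SECRET, random_pad)
        assert decrypt(c) == SECRET
        print("random padding" if random_pad else "fixed padding ",
              "-> guess confirmed:", guess_confirmed(c, SECRET, random_pad))
```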





Thread