[144868] in cryptography@c2.net mail archive


Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Sep 17 14:32:54 2009

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: kevin.w.wall@gmail.com, pgut001@cs.auckland.ac.nz
Cc: cryptography@metzdowd.com, daw@cs.berkeley.edu
In-Reply-To: <4AB174C7.7060901@gmail.com>
Date: Thu, 17 Sep 2009 17:20:33 +1200

"Kevin W. Wall" <kevin.w.wall@gmail.com> writes:

>(Obviously some of these padding schemes such as OAEP are not suitable with
>symmetric ciphers. Or at least I don't think they are.)

You'd be surprised at what JCE developers will implement just because they
can, and what therefore gets used by application developers.  I've seen 
RSA-CBC used on more than one occasion.

(No, that's not a typo, RSA in CBC mode.  The app developers wondered why it
was so slow).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
