[144874] in cryptography@c2.net mail archive


Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI

daemon@ATHENA.MIT.EDU (Jerry Leichter)
Thu Sep 17 23:26:31 2009

Cc: kevin.w.wall@gmail.com,
 cryptography@metzdowd.com,
 daw@cs.berkeley.edu
From: Jerry Leichter <leichter@lrw.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
In-Reply-To: <E1Mo9Q1-0003fz-Gh@wintermute01.cs.auckland.ac.nz>
Date: Thu, 17 Sep 2009 20:35:45 -0400

On Sep 17, 2009, at 1:20 AM, Peter Gutmann wrote:

> "Kevin W. Wall" <kevin.w.wall@gmail.com> writes:
>
>> (Obviously some of these padding schemes such as OAEP are not suitable with
>> symmetric ciphers. Or at least I don't think they are.)
>
> You'd be surprised at what JCE developers will implement just because they
> can, and what therefore gets used by application developers.  I've seen
> RSA-CBC used on more than one occasion.
>
> (No, that's not a typo, RSA in CBC mode.  The app developers wondered why it
> was so slow).
Interesting.  It sounds as if the JCE developers have gone from one
extreme to another.  I no longer remember the details, but a number of
years back, in a project I was involved with, we needed to implement
some particular (sane) combination of a cipher and a mode.  JCE at the
time had a fixed list of combinations it was willing to let you use;
ours wasn't on that list.  "ECB" wasn't an accepted mode, so it wasn't
easy to build your own mode out of what the API provided.
                                                         -- Jerry
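An added example, not part of the thread, of what Jerry is describing: building a mode (here CTR) out of the raw block cipher that JCE exposes as "AES/ECB/NoPadding", then cross-checking it against the provider's own "AES/CTR/NoPadding". The class and method names are my own; the plaintext is a constructed sample.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CtrFromEcb {
    // CTR mode built only from the raw block cipher (AES/ECB/NoPadding):
    // keystream block i = E_K(iv + i), output = input XOR keystream.
    // Encryption and decryption are the same operation.
    static byte[] ctr(byte[] key, byte[] iv, byte[] input) throws Exception {
        Cipher ecb = Cipher.getInstance("AES/ECB/NoPadding");
        ecb.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        byte[] counter = iv.clone();            // 16-byte big-endian counter block
        byte[] out = new byte[input.length];
        for (int off = 0; off < input.length; off += 16) {
            byte[] ks = ecb.doFinal(counter);   // one ECB call = one keystream block
            int n = Math.min(16, input.length - off);
            for (int j = 0; j < n; j++) out[off + j] = (byte) (input[off + j] ^ ks[j]);
            // increment the whole 128-bit counter, carrying from the last byte
            for (int k = 15; k >= 0 && ++counter[k] == 0; k--) { }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[16], iv = new byte[16];
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        // constructed sample; length deliberately not a multiple of 16
        byte[] msg = "constructed sample plaintext for the CTR check".getBytes(StandardCharsets.US_ASCII);

        byte[] mine = ctr(key, iv, msg);

        // Cross-check against the provider's built-in CTR implementation.
        Cipher ref = Cipher.getInstance("AES/CTR/NoPadding");
        ref.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] theirs = ref.doFinal(msg);

        System.out.println("matches provider CTR: " + Arrays.equals(mine, theirs));
        System.out.println("round trip ok:        " + Arrays.equals(ctr(key, iv, mine), msg));
    }
}
```

Without access to the ECB primitive, none of this is possible through the JCE API, which is the limitation Jerry ran into.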

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
