[24505] in Cypherpunks
Re: Thoughts on 15 day CJ crypto
daemon@ATHENA.MIT.EDU (Eric Hughes)
Sat Dec 24 12:01:52 1994
Date: Sat, 24 Dec 1994 09:47:21 -0800
To: cypherpunks@toad.com
In-Reply-To: <199412241111.DAA01099@unix.ka9q.ampr.org> (message from Phil Karn on Sat, 24 Dec 1994 03:11:57 -0800)
From: eric@remailer.net (Eric Hughes)
   From: Phil Karn <karn@unix.ka9q.ampr.org>

   Isn't it common practice to pad out a plaintext block with random
   garbage to the size of the modulus before you RSA-encrypt it?

   [...]

   Wouldn't this thwart the kind of attack you describe?

It would, but not having ever applied for a 15-day CJ, I can't speak
to the details of what the implementations actually do. Perhaps they
permit random padding, perhaps not. It's certainly possible that the
padding is required to be fixed; that's certainly in the style of NSA
'requests' for 'features'.
Can anybody here shed some light on the subject?
Eric