[Remops] (no subject)
lists at notatla.org.uk
Sun Aug 24 21:11:12 BST 2014
> http://moderncrypto.org/mail-archive/messaging/2014/000527.html
>
> > There are some aspects of this I either don't like, or perhaps don't
> > understand. I'd appreciate your thoughts.
> >
> > Why use RSA to encrypt anything more than the session key? All the new
> > fields could go in the Encrypted header or maybe, for backwards
> > compatibility, in a second encrypted header. I don't think it's good
> > practice to use RSA to encrypt anything beyond the session key.
>
> I don't think it is either. You shouldn't concat a bunch of stuff
> together and then RSA encrypt it - encrypt one thing and then
> symmetrically encrypt the rest.

Putting this inside the RSA encryption saves space. The
RSA-encrypted block has the same size as the RSA key whether
or not it contains more than the 3DES key. All parts encrypted
are either random or random-looking.

What I'd prefer is to dump RSA padding and do as in Cryptography
Engineering section 12.6 but that's probably a suggestion for
new incompatible work.
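
Added example, not part of the original message or of any remailer code: a sketch of the padding-free idea mentioned at the end of the reply, in the RSA-KEM style (pick a random r below the modulus, apply raw RSA to r, hash r into the session key). The toy 234-bit modulus, the choice of SHA-256 and all names are assumptions made for the demonstration.

```python
import hashlib
import secrets

# Toy key built from two known Mersenne primes (constructed for this demo;
# a 234-bit modulus is far too small for real use).
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent
N_BYTES = (N.bit_length() + 7) // 8    # the RSA block is always this long


def _kdf(r: int) -> bytes:
    """Derive the symmetric session key from r (SHA-256 is an assumption)."""
    return hashlib.sha256(r.to_bytes(N_BYTES, "big")).digest()


def encapsulate() -> tuple[bytes, bytes]:
    """Sender side: return (rsa_block, session_key). No padding scheme is used."""
    r = secrets.randbelow(N - 2) + 2   # uniform in [2, N-1]
    block = pow(r, E, N).to_bytes(N_BYTES, "big")
    return block, _kdf(r)


def decapsulate(block: bytes) -> bytes:
    """Receiver side: recover r with the private key and re-derive the key."""
    c = int.from_bytes(block, "big")
    if len(block) != N_BYTES or c >= N:
        raise ValueError("malformed RSA block")
    return _kdf(pow(c, D, N))


if __name__ == "__main__":
    blk, k_sender = encapsulate()
    print(len(blk), "byte RSA block; keys match:", decapsulate(blk) == k_sender)
```

The RSA block is exactly as long as the modulus, and everything else in the header would be encrypted symmetrically under the derived key.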