ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why Rabin algorithm has mostly been ignored?

1997-11-21 22:44:38
from [Hal Finney] [Permanent Link] 
People have been scared of Rabin encryption because it has a chosen
ciphertext attack which reveals the key.  The attacker needs to be able
to get the key holder to Rabin decrypt the encrypted session key, then
to tell him what the decrypted value was.

In normal circumstances this is unlikely to be a problem.  If the
decryption of the ESK packet produces garbage, there is no reason to
send the decrypted garbage back to the attacker.  As long as you just
destroy the garbage, you are OK.

Still I think there may be some fear about using an algorithm which has
this potential vulnerability.

Hal Finney
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Armour, Dave Crocker / IMC
Next by Date:  Re: Draft comments, Hal Finney
Previous by Thread:  Re: Why Rabin algorithm has mostly been ignored?, Gary Liu
Next by Thread:  Re: CMR as an extension _inside_ the standard (Re: CMR & ROT-13), Hal Finney
Indexes:  [Date] [Thread] [Top] [All Lists]