pem-dev

Re: Multi-recipient security hole?

1992-08-25 02:03:00
The technique is the "block type 02" padding technique
specified in PKCS #1.  This technique was specifically adopted for use
by PEM to handle the multiple recipients issue.

I checked in the son-of-RFC1115 Internet Draft, but could only find an
indirect hint about using "block type 02" for this purpose, and could
not find a hint at all that one should use _different random patterns
for each recipient_ in these type 02 blocks to prevent Chinese remainder
attacks for the case where the public exponent is 3. I believe this should
be further clarified in the son-of-RFC1115.

   Markus Mueller
   FIDES Informatik
   Abteilung IB2
   Badenerstrasse 172
   CH-8004 Zuerich
   Switzerland

   SWITCH/ARPA/BITNET : mueller(_at_)komsys(_dot_)tik(_dot_)ethz(_dot_)ch
   UUCP               : mueller%komsys(_dot_)tik(_dot_)ethz(_dot_)ch(_at_)chx400(_dot_)uucp
   X.400              : S=mueller;OU=tik;O=ethz;P=switch;A=arcom;C=ch

   Mail account courtesy of Institut fuer Technische Informatik und
   Kommunikationsnetze, ETH, CH-8092 Zuerich, Switzerland
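
The per-recipient padding that the message asks the draft to spell out, shown as an added Python example that is not part of the original post or of any specification text. The block layout 00 || 02 || PS || 00 || D follows PKCS #1; the function names, the 8-byte sample key and the 512-bit modulus sizes are constructed for illustration, and the RSA step itself is left out.

```python
import secrets

def pad_type2(data, k):
    """Build a PKCS #1 block type 02 encryption block of k bytes:
    00 || 02 || PS || 00 || D, with PS random, nonzero, >= 8 bytes."""
    ps_len = k - len(data) - 3
    if ps_len < 8:
        raise ValueError("data too long for this modulus (PS needs 8+ bytes)")
    # Nonzero bytes only, so the first 00 after PS marks where D begins.
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + data

def unpad_type2(block):
    """Recover D from a block type 02 encryption block."""
    if len(block) < 11 or block[:2] != b"\x00\x02":
        raise ValueError("not a block type 02 encryption block")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # no separator found (-1), or PS shorter than 8 bytes
        raise ValueError("malformed padding string")
    return block[sep + 1:]

def blocks_for_recipients(dek, modulus_sizes):
    """One block per recipient, each with its own fresh PS. Each block
    would then be RSA-encrypted under that recipient's public key."""
    return [pad_type2(dek, k) for k in modulus_sizes]

def padding_is_distinct(blocks):
    """True if no two recipients share the same padding string."""
    pads = [b[2:b.find(b"\x00", 2)] for b in blocks]
    return len(set(pads)) == len(pads)

if __name__ == "__main__":
    dek = bytes.fromhex("0123456789abcdef")      # constructed sample key
    blocks = blocks_for_recipients(dek, [64, 64, 64])
    for b in blocks:
        print(b.hex())
    print("distinct padding per recipient:", padding_is_distinct(blocks))
```

Because every recipient's block carries a different PS, the integers raised to the public exponent differ from one recipient to the next even though the enclosed key is the same.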
