Re: Strength of RSA with known plain-text.

From: George Ou (533george_ou234_at_netzero234.com)
Date: 09/07/03


Date: Sun, 07 Sep 2003 21:13:14 GMT

On 7 Sep 2003 07:27:41 -0700, rudykoot@hotmail.com (Rudy Koot) wrote:

>When using the RSA public-key algorithm, how difficult is it to
>calculate the private key if you know the public key, cipher text and
>plain-text? Is it just as difficult as when you don't know the
>plain-text or is it easier?
>
> -- Rudy Koot (_r_u_d_y_k_o_o_t_ at _h_o_t_m_a_i_l_ dot _c_o_m_)

First of all:

RSA is NEVER used to encrypt plain text. No public key system is used
to encrypt plain text.

RSA is only used in the following 2 ways.

Using your private key to encrypt the 160-bit SHA-1 hash of your
message for the purpose of digital signatures. The digital signature
offers source integrity, data integrity, and non-repudiation.

Someone else using your public key to encrypt a session key that they
want to send you in plain sight of the public without worrying that
someone can steal that session key.

Additionally:
The session key is in turn used in a symmetric algorithm such as RC5,
AES, and 3DES in applications such as PGP, SSL, IPSEC, and so on. No
one in their right mind would use RSA to encrypt bulk data because it's
about 100-1000 times slower than the aforementioned symmetric
algorithms. Just about any system that uses RSA only uses it to kick
start a symmetric cryptography session. RSA is only used because of
its ability to perform public handshakes securely.

Using this 2-phase approach also has security benefits. You can keep
the first asymmetric RSA phase of the operation on a smart card for
users or a dedicated hardware cryptographic module for servers. This
way, the host computer never needs to know the private key because the
key pair was generated inside the HSM and the private key never leaves
the HSM. If a hacker ever rooted your server or a virus or worm ever
took over a user's personal computer, they can easily download your
private key.

George Ou
http://www.LANArchitect.net
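
The two-phase scheme described in the post above, as an added example that is not part of the original post: RSA wraps a fresh session key, and a symmetric cipher encrypts the bulk data. Assumptions: all function names are hypothetical, the key is a constructed demo key built from two Mersenne primes, RSA is applied without padding, and a SHA-256 counter-mode keystream stands in for AES; a real system would use a padded RSA scheme such as OAEP and a standard cipher.

```python
import hashlib
import secrets

# Constructed demo key (assumption): two Mersenne primes. Special-form primes
# are not safe for real keys; they only spare this block a key generator.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with SHA-256(key || nonce || counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(n: int, e: int, message: bytes):
    """Sender side: needs only the recipient's public key."""
    session_key = secrets.token_bytes(16)          # fresh 128-bit key per message
    # Phase 1: one RSA operation on the small session key (unpadded here).
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Phase 2: the bulk data goes through the fast symmetric cipher.
    nonce = secrets.token_bytes(12)
    body = _keystream_xor(session_key, nonce, message)
    return wrapped, nonce, body


def unwrap_session_key(wrapped: int) -> bytes:
    """The only private-key operation: the step a smart card or HSM performs."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def hybrid_decrypt(wrapped: int, nonce: bytes, body: bytes) -> bytes:
    """Recipient side: unwrap the session key, then decrypt the bulk data."""
    return _keystream_xor(unwrap_session_key(wrapped), nonce, body)


if __name__ == "__main__":
    w, nonce, body = hybrid_encrypt(N, E, b"bulk data " * 1000)
    print(len(body), hybrid_decrypt(w, nonce, body)[:9])
```

Only `unwrap_session_key` touches the private exponent, so that is the single call that would move onto the card or module; the host handles just the unwrapped session key and the bulk data.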


