Re: newbie Q's about RSA, OAEP

From: Michael Amling (nospam_at_nospam.com)
Date: 11/28/03

• Next message: Tom St Denis: "Re: newbie Q's about RSA, OAEP"
• Previous message: Vincent Quesnoit: "Re: Unknown ciphertext [OT]"
• In reply to: Dominic: "newbie Q's about RSA, OAEP"
• Next in thread: Tom St Denis: "Re: newbie Q's about RSA, OAEP"
• Reply: Tom St Denis: "Re: newbie Q's about RSA, OAEP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 28 Nov 2003 17:27:53 GMT

Dominic wrote:
> I've found articles covering the maths behind these algorithms, but is
> there anything which gives a good introduction to their practical use?
>
> Are there recommended minimum/maximum lengths for RSA keys?

   1024-bit modulus is about the minimum these days. You could use 768
for low-value messages. 16K-bit modulus is the largest I've heard of
anyone using.

>
> Is it safe (not necessarily efficient) to code long messages in RSA by
> splitting it into blocks and coding each separately (as you would with
> Rijndael). Are ECB, CBC modes applicable in that case?

   Standard procedure is that if the message doesn't fit into a single
RSA block, you encrypt the message with a block cipher, and encrypt only
the keys (the block cipher key, the MAC key, maybe the IV if there is
one) with RSA.
   Maybe someone else can actually answer your question.

> Should you generally use OAEP rather than coding the message uncooked?

   Yes. Always.

> I know this is a good idea when encoding short messages to avoid
> dictionary attacks, but is it useful with longer messages?

   Yes. It protects against more than just dictionary attacks.

>
> Is there an accepted scheme for indicating the length of the message?

   AFAIK, each protocol has its own way of indicating length.

--Mike Amling

---

• Next message: Tom St Denis: "Re: newbie Q's about RSA, OAEP"
• Previous message: Vincent Quesnoit: "Re: Unknown ciphertext [OT]"
• In reply to: Dominic: "newbie Q's about RSA, OAEP"
• Next in thread: Tom St Denis: "Re: newbie Q's about RSA, OAEP"
• Reply: Tom St Denis: "Re: newbie Q's about RSA, OAEP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: A question about modular exponentiation ... > One can also compute the private exponent in a slightly different way: ... > I ran tests on this, generating primes to produce RSA keys ... Therefore, d is inverse of e both for mod lambda, and for phi. ... (sci.crypt) Re: RSA key size and safety ... assymmetric (RSA) will be safe for the next 50 years. ... LEAST 768-bit RSA keys. ... so any time estimates were likely based ... your public keys your system is fairly dead in the water. ... (sci.crypt) Re: CryptoAPI Hard Coding Keys, Help ... You can use RSA, DH/DSA or ECDSA - but you should first check what Windows ... // key container name. ... printf(" Create a default container and generate keys \n"); ... "Generating Keys \n"); ... (microsoft.public.platformsdk.security) Re: newbie Qs about RSA, OAEP ... just say use 2048-bit RSA keys and not worry about it [worry about the rest ... > RSA block, you encrypt the message with a block cipher, and encrypt only ... > the keys (the block cipher key, the MAC key, maybe the IV if there is ... (sci.crypt) Re: SSH keys: RSA vs DSA ... >> Ssh protocol version 2 can use RSA as well as DSA keys. ... > DSA is an old and fairly weak encryption, ... (comp.os.linux.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)