Re: some question about RSA
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: some question about RSA

From: Tom St Denis <tomstdenis@gmail.com>
Date: Tue Jan 17 2006 - 16:25:46 CET




Wang wrote:


> Consider this case:(padding(m)^dA mod NA)=padding(m)^dB mod NB) for


> many padding(m) , this equation exist.That's to say,Does there exist


> (eA ,dA,NA), (eB,dB,NB) satisfying some relationship,make the equation


> for most padding(m)  exist.



Yes it can happen but I think you're missing a crucial point.  The


padding will change over time as it IS a prf.



As an attacker you can't compute m^dA or m^dB anyways as you don't have


exponents and as a user [e.g. owner of the key] you'll be padding it


anyways.



So the paddings won't be equal.



That said, m1^d1 = m2^d2 is possible... I just don't know what that


would "give you" ...



Tom


Received on Tue Jan 17 16:51:01 2006