Re: some question about RSA
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: some question about RSA

From: Tom St Denis <tomstdenis@gmail.com>
Date: Wed Jan 18 2006 - 14:12:18 CET




Wang wrote:


> Although padding is prf,but that doesn't matter,my question is that for


> most padding(m)


> exist in the domain,the equation padding(m)^d1mod n1=padding(m)^d2mod


> n2 whether exit for some (d1,n1),(d2,n2).if so ,the padding doesn't


> influence the attacking.



I don't understand your question.  Are you afraid that two users would


collude and use the same padding values?  or?



is it possible that m^d1 = m^d2?  Yes.  It's also possible that m^d1 -


0x31337 = m^d2.



So what?



The likelyhood is very very slim [hint: what are the average periods of


units in the ring generated by the modulus?] so the impact is next to


meaningless.



Why not experiment with say a 96-bit modulus over say 2^40 messages or


so and count the number of times they're equal :-)



Tom


Received on Thu Jan 19 03:44:49 2006