[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RSA: low exponent
-----BEGIN PGP SIGNED MESSAGE-----
[concerning a low RSA modulus]
I haven't had a chance to look at Matt's post very much...
Actually, I beleive the largest concern over using a small modulus is
if you encrypt a message to multiple recipients (i.e. an identical
message to several people)
This then leaves you open to the "low modulus attack" (how
appropriately named :-) as described by Judith Moore in her paper
"Protocol Failures in Cryptosystems". This paper also appears in the
Simmons big book on Crypto.
Basically, the message can be reconstructed with the Chinese Remainder
Theorem (I beleive, it's been a while since I worked through it).
To prevent this, random bits should be appended to change the message
for each person.
Karl Barrus
[email protected]
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLTrElYOA7OpLWtYzAQEtdgQAm5OO+b3LxsmKtzYWNNFHEAaqkuEG4soZ
28SgCRFDpgKuov56GPVu/8Nl+zLS3H8LuEQg2KxFWT5zns/Rt/rlIo5o5Wp8KeXM
ZxxzYd8K6x3zvplzE0G5kJMtJii4wUBPwP8m8kZQQFzSnRv86+MQAa9kGy0wb+tm
P4LrmVoZeq8=
=t9rg
-----END PGP SIGNATURE-----