
Adding standalone RSA code



David Schultz wrote:
> For
> instance, as we discussed privately, your RSA encryption routine
> is insecure unless the caller appropriately preprocesses the input
> with a random pad
... or is using it to encode data with at least 128 bits of entropy...
> and the documentation doesn't seem to mention
> this caveat.  I'm sure *you* know how to use your library
> securely, but it could be dangerous to someone else.

True enough, but I was planning on revising my interface (e.g., to use
OAEP) and documentation before committing anyway.

> That said, it still puzzles me that you don't want to use
> OpenSSL's rsautl.

I wrote my RSA code long before I started working on FreeBSD Update; so
when I needed some code for signing my update index, I used the most
convenient code -- the code which I had written, understood intimately,
and trusted.

Colin Percival
