----- User brian m. carlson on 2012-01-23 00:47:03 wrote:

>> * sending ciphertext with the same "e" to several recipients
>This depends on a small message. All secure padding schemes avoid this
>problem because they pad the message so it is not small.
>> * no randomness
>All secure padding schemes provide this, as well.
>> * problems with the product of two ciphertexts
>This is not a problem with OpenPGP because the attacker never gets to
>see the value encrypted with RSA because it's the symmetric key.

Hmm, true. Seems really pretty secure in PGP context.

>The existence of PGP predates the invention of OAEP by at least three
>years. So it really wasn't an option, and PKCS #1 v1.5 is not insecure,
>so there's no reason to break backwards compatibility.

Yeah, agreed.

>Basically. The issue is that if the padding is incorrect, the message
>is rejected. So the attacker can't manipulate the message without
>risking corrupting the structure of the method.

I see. Well, thank you very much for the explanation and information!
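
The padding properties discussed in this thread (the padded value is not small, it is randomized, and malformed padding is rejected), as an added example that is not part of the original messages and not GnuPG's code. It implements the EME-PKCS1-v1_5 block layout from RFC 8017 section 7.2.1; the function names, the 2048-bit modulus size and the session key are assumptions, and the decoder is an illustration that is not hardened against timing side channels.

```python
import os

def eme_pad(message: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5 encode (RFC 8017, 7.2.1): 00 || 02 || PS || 00 || M."""
    if len(message) > k - 11:
        raise ValueError("message too long")
    ps_len = k - len(message) - 3          # always at least 8 bytes
    ps = bytearray()
    while len(ps) < ps_len:                # random filler, zero bytes excluded
        ps.extend(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + bytes(ps) + b"\x00" + message

def eme_unpad(em: bytes, k: int) -> bytes:
    """Strip the padding; every malformed block gets the same generic error."""
    sep = em.find(b"\x00", 2)              # first zero byte after the header
    # sep < 10 covers both "no separator" (-1) and a PS shorter than 8 bytes
    if len(em) != k or em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption error")
    return em[sep + 1:]

def is_rejected(em: bytes, k: int) -> bool:
    try:
        eme_unpad(em, k)
    except ValueError:
        return True
    return False

def demo():
    k = 256                                # assumed modulus size: 2048 bits
    session_key = bytes(range(16))         # constructed 128-bit symmetric key
    a, b = eme_pad(session_key, k), eme_pad(session_key, k)
    tampered = bytearray(a)
    tampered[1] ^= 0x01                    # block type 02 -> 03
    return {
        "same_plaintext_differs": a != b,
        "bits_before_rsa": int.from_bytes(a, "big").bit_length(),
        "round_trip": eme_unpad(a, k) == session_key,
        "tampered_rejected": is_rejected(bytes(tampered), k),
    }

if __name__ == "__main__":
    print(demo())
```

The 16-byte key becomes a 2034-bit integer before the RSA operation, so it is no longer a small message relative to the modulus.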