Re: data dependence with md5/64-bit RSA?

[Andrew Mann]

	It sounds like the data is being padded (perhaps automatically).  There 
are several standards for padding data prior to applying RSA encryption. 
 It seems that whatever padding is being used is adding about 10 bytes. 
 One of the PKCS standards should be able to explain everything that's 
happening here.  You can find the papers on the RSA labs site I think.

	Some other clarifications here:  You can only encrypt a chunk of data 
(after all pre-processing including padding) that is up to the numerical 
value of the modulus - 1 . If you have a 64 bit key and you guarantee 
the highest order bit is 1, then your modulus is only guaranteed to be 
greater than 2^63 .  Since you don't know how much greater, you can only 
use this modulus on 63 bits of data (again post processing, padding, etc).
	If you don't need security you may not want to use RSA - especially 
through a wrapper API.  It will be slower, and as mentioned you actually 
have no security anyway.  Plus you'll have to deal with all the quirks 
of a padded block public key cipher :)
	If you do want to use the encryption and have it work, you'll want to 
understand:
The RSA algorithm
Key generation
Key management
Padding methods

	A mistake in any of these could easily leave you in the situation of 
spending a lot of effort and time to "secure" your data only to find out 
that bits of the private key leaked out with the public , or that your 
random number source used for key generation is basing its' values on 
the clock - the same clock that was used to timestamp your file, or some 
other such subtlety that immediately and completely invalidates your 
security.  It's not really plug-and-play :)

Andrew
        
Jesse Hammons wrote:
Jesse Hammons wrote:

So to clarify: If I generate a 65-bit key, will I be able to use that
65-bit key to sign any 64-bit value?
Yes, but

Actually, I have found the answer to be "no" :-)

a 65 bit key won't be very secure AT ALL, it will be
very easy to factor a modulus that small.

Security is not my goal.  This is more of a theoretical exercise that
happens to have a practical application for me.

Bottom line: asymmetrical
(public-key) encryption has a fairly large "minimum block size" that
actually increases as key size increases.

Indeed.  I have found experimentally that:
 * The minimum signable data quantity in OpenSSL is 1 byte
 * The minimum size RSA key that can be used to sign 1 byte is 89 bits
 * A signature created using a 64-bit RSA key would create a number 64
bits long, BUT:
   - This is not possible to do in OpenSSL because the maximum signable
quantity for a 64
      bit RSA key is only a few bits, and OpenSSL input/output is done on
byte boundaries
Do those number sound right?
Thanks,
-Jesse
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]