> Ok. I am a little bit confused. You are telling me that the same
> data encrypted with the same key can generate different results?

Yes. This is absolutely essential for any public-key system to be secure.
Imagine if someone asks you, "Should we attack at dawn? Send the message
securely using my public key." If the same data encrypted with the same key
generated the same results, an attacker would simply have to encrypt "yes"
and "no" and see which one matched the encrypted data, and they would break
the code.

> How can the decryption process succeed?!

I'm not sure I follow the question.

> Maybe it's my crypto knowledge that is limited, but I was sure that one
> output corresponds to one input.

That would not work. That would allow an attacker to try encrypting every
possible input, find the matching output, and break the code. That would
make the encryption scheme useless for any application where the encryption
input is predictable. That's a lot of schemes.

> I ran my tests a couple of times and it always gives me the same
> output result each time (meaning that the pseudo-random generator always
> gives the same number?).
>
> You are probably right, but could you confirm for me that my tests are done
> correctly (using a longer array than the size passed to the encryption
> function)?

It depends on the exact algorithm you are using. Generally, public-key
algorithms are used as follows:

1) A random key is generated.
2) The message is encrypted with the random key using conventional
encryption.
3) The random key is encrypted using a public-key algorithm.
4) The encrypted message from step 2 is sent with the encrypted key from
step 3.

In this way, the "message" for the public-key algorithm is unpredictable
because it's purely random.

However, many padding schemes for public-key algorithms make sure that they
are protected from this kind of attack even if they are not used to encrypt
random data. Read up on OAEP for one example.

DS
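
The point made in the message above, as an added example that is not part of the original post and is not OpenSSL code: unpadded RSA lets anyone holding the public key confirm a guessed plaintext, while OAEP mixes in a fresh random seed that decryption recovers from the ciphertext itself. Assumptions: the key is a constructed, insecure demo key, the function names are hypothetical, and the hand-written OAEP (SHA-256, empty label) is for illustration only and is not constant-time.

```python
import hashlib, os

# Constructed demo key (two Mersenne primes): illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K, HLEN = (N.bit_length() + 7) // 8, 32          # modulus bytes, SHA-256 bytes
LHASH = hashlib.sha256(b"").digest()             # hash of the empty OAEP label

def mgf1(seed, length):
    """MGF1 mask generation with SHA-256."""
    blocks = (length + HLEN - 1) // HLEN
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def textbook_encrypt(msg):
    """Unpadded RSA: same key + same message -> same ciphertext."""
    return pow(int.from_bytes(msg, "big"), E, N)

def oaep_encrypt(msg):
    """RSA-OAEP: a fresh random seed masks the message before exponentiation."""
    if len(msg) > K - 2 * HLEN - 2:
        raise ValueError("message too long")
    db = LHASH + b"\x00" * (K - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, len(db)))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return pow(int.from_bytes(b"\x00" + masked_seed + masked_db, "big"), E, N)

def oaep_decrypt(c):
    """Recover the seed from the ciphertext itself, unmask, strip the padding."""
    em = pow(c, D, N).to_bytes(K, "big")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    rest = db[HLEN:].lstrip(b"\x00")
    if em[0] != 0 or db[:HLEN] != LHASH or rest[:1] != b"\x01":
        raise ValueError("decryption error")
    return rest[1:]

def guess(ciphertext, encrypt, candidates=(b"yes", b"no")):
    """The comparison described above: encrypt each candidate, look for a match."""
    return next((m for m in candidates if encrypt(m) == ciphertext), None)

if __name__ == "__main__":
    print(guess(textbook_encrypt(b"yes"), textbook_encrypt))
    print(guess(oaep_encrypt(b"yes"), oaep_encrypt))
```

In real code, use the library's OAEP support rather than a hand-written padding routine.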

