My RSA key is more than 256 bits long. I think the maximum AES key size is
256 bits. So that was the reason why I wanted to do a SHA256 on my key.

I understand what everybody told me. I didn't want to defend my "miracle
strategy" at all costs.

Some replies told me that specific algorithms exist for key generation and
others told me that my method is vulnerable to replay attacks. So I will
definitely consider this helpful information in my learning process.

Sorry for still being at school with no security background!





David Schwartz wrote:
> 
> 
>> For information:  I am using this key to encrypt / decrypt files
>> locally on a host.
> 
> Why not use the RSA key for this purpose, using an established and tested
> algorithm? Since you have the RSA key, and there are any number of
> established algorithms to use an RSA key for encryption, why did you roll
> your own?
> 
> And, I should note, you've already proved our point a dozen times over.
> Your code contains three separate bugs, all of them extremely serious. For
> example, you used the byte size of the *MODULUS* (that's what RSA_size
> returns) as the hash input size for the private key.
> 
> If you can't even specify an algorithm, what are the odds that whatever
> you wind up with will actually be secure? (Sorry to be harsh, but security
> is not an area where you can 'wing it'. Really.)
> 
> DS
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Question-about-SHA256-on-a-RSA*-key-tp21093222p21134656.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.