Questions tagged [oaep]

Question 1

We all know that it is a bad idea to use the same key for multiple purposes. However it sometimes happens that non-cryptography-savvy people will make this mistake - specifically, that they'll use an ...

Question 2

I saw theorems stating that RSA-OAEP (or the similar variant OAEP+) is CCA-secure in the random oracle model. I wonder about the following: Is RSA-OAEP (or even OAEP+) CPA-secure in the plain model? ...

Question 3

General My goal is to encrypt some strings and store them in a database. I am using RSA OAEP in Go (Golang): ...

Question 4

Here the encryption is done as follows : $$C=P^e \textrm{mod} \, n =(P_1||P_2)^e \textrm{mod} \, n.$$ Here's my scenario that the adversary with CCA2 wins. The adversary chooses $X_1, X_2$ of the same ...

Question 5

I want to make an ecryption algorithm that is secure in, well, really many ways, which is hard I see, so I came up with some ideas of how to implement it using some primitives that I know and I ...

Question 6

Often data is encrypted using Symmetric Ciphers and Symmetric key is shared with recipient by encrypting it with recipient's Asymmetric Public Key. NIST Special Publication 800-56B, Revision 2 section ...

Question 7

In my hobbyist project implementation of RSA-OAEP, I omitted support for labels at the beginning. I set the label to empty string on encryption and ignored the label on decryption. Now I'm adding a ...

Question 8

I have a question about how RSADP/RSAEP are defined (in RFC2437 https://datatracker.ietf.org/doc/html/rfc2437#section-5.1.2): RSADP (and RSAEP) are described with the same limits for the message (m) ...

Question 9

I have written a raw (textbook) RSA implementation (just for fun) and I wonder is there an easy way to make it secure enough so it can be used in real life (without implementing OAEP+ and RSASSA-PSS)? ...

Question 10

We are using RSA without OAEP, with a relatively small input domain. Lets assume we have John and Bob connected on a line, and we are eavesdropping them. Bob first sends John his public key (e,n), ...

Question 11

I searched but found nothing except the original paper, and I can't wrap my head around it. Can you help me by giving an overview and then if possible, a short explanation of the algo?

Question 12

I'm not an expert on cryptography, so, the understanding below might not be entirely correct. From what I understand, in the context of JWE, the RSA-OAEP-256 key algorithm is meant to provide payload ...

Question 13

To be clear I'm well aware that ChaCha doesn't need to be "improved". Also, I have no intentions or misguided ideas about trying to "improve" it. My question is hypothetical, and ...

Question 14

In this document, it shows the EM will have one zero octet padding prefixed. ...

Question 15

With reference to this question: First, when using padding (PKCS or OAEP), if the ciphertext has errors in transmission we'll always get an error at the decryption process? where the answer is: Yes,...

Stack Exchange Network

Questions tagged [oaep]

Security analysis of using RSA-OAEP and RSA-PSS with the same key

On the security of OAEP

RSA different ciphertext for the same plaintext

How is RSA-OAEP secure from CCA2?

Is there a public-key, "deal-less", all-or-nothing, "secret-length message" cryptosystem or some easy way to derive it?

is RSA KTS-OAEP necessary? [duplicate]

How important is constant-time verification of lHash label in RSA-OAEP?

RSADP/RSAEP with zero base/message value

Is there an easy way to make textbook RSA secure enough so it can be used in real life?

Break RSA without padding using a rainbow table attack

Can you please explain how Manger's attack against RSA OAEP works?

In regard to using RSA-OAEP-256 in JWE to also authenticate token issuer

Would a key recovery attack on ChaCha's keystream would be made more secure with an AONT?

RSA PKCS#1 OAEP Padding Schema - padding 0 for first octet?

RSA OAEP Error Detection Probability

Hot Network Questions