|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
OAEP before symmetric encryption ?
dmolnar (dmolnar
hcs.harvard.edu)
Mon, 22 Nov 1999 21:38:02 -0500 (EST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: lcs Mixmaster Remailer: "Re: Re: Discrete log algorithms"
- Previous message: ese788e2iyhtantriks.com: "Get online today accepting credit cards. Our company even allows you to accept government cards."
Hi,
Does anyone use OAEP before encrypting with IDEA or some other
symmetric cipher? Are there better padding schemes out there,
or is padding usually not used b/c one can run the cipher in CBC mode?
Here's what I want : a randomized symmetric scheme, such
that an adversary is unable to determine whether a given ciphertext
is the encryption of a known plaintext by trial encryption, even
given the entire plaintext. OAEP provides for "hidden" randomness
which does not need to be transmitted to the recipient beforehand.
OAEP also has the advantage of a reduction (albeit in the random oracle
model) to the difficulty of whatever the underlying function is.
With CBC mode, it seems that I could get the property if I kept the IV
secret, but now I need to send the IV to a recipient. Am I missing
something? What do people do in practice? are there any theoretical
results about how "random" CBC is?
Please feel free to tell me if I'm missing something obvious...
Thanks much,
-David Molnar
- Next message: lcs Mixmaster Remailer: "Re: Re: Discrete log algorithms"
- Previous message: ese788e2iyhtantriks.com: "Get online today accepting credit cards. Our company even allows you to accept government cards."
This archive was generated by hypermail 2.0b3 on Mon Nov 22 1999 - 23:29:21 CST