since im not in the market for downvoting. ill just say. eh. RSA is a simple for...

munin · on Dec 3, 2016

If you implement RSA from the textbook, as a simple formula, you'll leave yourself vulnerable to padding based attacks that can recover the private key. It turns out that though the formulas are straightforward and the math can be explained after a decent undergraduate education, the implementation is still very subtle.

mSparks · on Dec 3, 2016

padding attacks are only really related to encrypting data not sharing the product of two very large primes. You clearly havent got the faintest idea what you are talking about.

Rather than putting the rest of us at risk by putting zero value on the security of anything you make and guessing someone [a spook] will do it for you, why dont you recommend everyone takes some time out to at least learn the basics.

Yes, there are several "mines" you need to be wary of.

But they all pale into insignificance compared to linking openssl and thinking you are done.

kaoD · on Dec 3, 2016

> timing attacks you say. erm, not remotely connected.

Fine, I'll trust your overwhelming evidence instead of the many timing attacks described against RSA implementations.

mSparks · on Dec 4, 2016

All those attacks are "theoretical". As opposed to actually having been usefull in the wild - FUD (heartbleed otoh.....).

padding -> irrelevent to an RSA public key, everyone has to know the exact modulus and product, even the bad guys (although I recommend keeping public keys relatively secret)

timing -> irrelevent to an RSA public key, there is nothing you can get from how long it takes to decrypt or encrypt even 1024 bits of data (which is more than most impliementations even send), sometimes the exact same data will take 1ms, sometimes 100ms, it depends what else the machine is doing at the time.