Re: PKCS#1v1.5

On Wed, Sep 19, 2012 at 11:00 AM, Travis Mayberry wrote:
> Makes sense.  I would suggest then that a note be put in emphasizing it
> should be used carefully and that OAEP is the better choice if you are not
> forced to use PKCS#1.  My main concern is that a developer, upon deciding to
> use this API but not being familiar with the issues we are discussing, will
> simply pick one of the two at random and potentially open himself up to an
> attack that could have easily been avoided.

Adding a note (or creating a FAQ document) is a good idea. Thank you
for the suggestion.

Another factor for us to include PKCS#1 v1.5 is its support in
underlying native crypto libraries. PKCS#1 v1.5 is widely supported,
but we're less sure about the availability of RSA OAEP.


Received on Wednesday, 19 September 2012 18:16:13 UTC