Re: PKCS#1v1.5

On Wed, Sep 19, 2012 at 11:50 AM, Travis Mayberry <> wrote:
> Right, I can see how that could get out of hand rather quickly.  The
> difference I see between those cases though is that counter mode and CBC
> each have advantages/disadvantages (i.e. counter mode allows for random
> access to encrypted data) that warrant using one over the other depending on
> the scenario.  Hopefully developers will investigate the different modes
> before they pick the one that most suits their situation.  PKCS#1 and OAEP
> on the other hand are functionally equivalent, but one has potential
> security holes and the other does not.

Like Wan-Teh mentioned, the concern is not one necessarily of
functionality (yes, they both use RSA keys to perform encryption or,
in the case of PSS, signing), but of deployment/support. This includes
both platform-native support (which is fairly good post XP-SP2), but
also support for secure elements, TPMs, etc, where it's unfortunately

So the concern is less one of functionality, and more one of
compatibility between systems and between (existing) protocols.

But yes, you've definitely picked on an issue we've discussed at a
fair length so far (and for which other groups, such as the IETF's
JOSE WG, have also discussed at fair length)

Received on Wednesday, 19 September 2012 19:21:16 UTC