Chapter 3 Cryptography 55
Cryptography Overview
However, for very large numbers, factoring is very difficult. The RSA Laboratories
publication, Frequently Asked Questions About Today’s Cryptography (the FAQ), describes
the state of the art in factoring. Factoring numbers takes a certain number of steps,
and the number of steps increases exponentially as the size of the number increases.
Even on supercomputers, the time to execute all the steps is so great that for large
numbers it could take years to compute. Within a short period of time, the current
threshold of general numbers that can be factored will probably rise to 155 digits,
approximately the size of a 512-bit RSA modulus. Currently, the limit to the size of an
RSA modulus in Crypto-C is 2048 bits.
Digital EnvelopesA digital envelope is a way of combining the advantages of symmetric-key and public-
key cryptography. In general, public-key algorithms are slower than symmetric-key
ciphers, and for some applications may be too slow to be of practical use, while for
symmetric-key ciphers, there is the problem of transmitting the key. A digital
envelope provides a solution to this dilemma. The sender encrypts the message using
a symmetric-key encryption algorithm, then encrypts the symmetric key using the
recipient’s public key. The recipient then decrypts the symmetric key using the
appropriate private key and decrypts the message with the symmetric key. In this
way, a fast encryption method processes large amounts of data, yet secret information
is never transmitted unencrypted.
Optimal Asymmetric Encryption Padding (OAEP)Optimal Asymmetric Encryption Padding (OAEP) is a general class of methods for
constructing digital envelopes from public-key encryption algorithms. OAEP
methods have been proposed for the RSA algorithm. OAEP thwarts the
Bleichenbacher attack on PKCS #1 digital envelopes.
Recent research by cryptographer Daniel Bleichenbacher of Bell Labs, the research
and development arm of Lucent Technologies, indicates that the combination of
PKCS #1 and SSL is potentially vulnerable to a class of attacks known as Adaptive
Chosen Ciphertext Attacks. Such a potential attack relies on sending a million
carefully constructed messages to a target server and observing the variations in the
server’s response. The potential attack is detectable by network administrators
because of the large number of needed messages. The threat is only against digital
envelopes; it does not affect digital signatures.
OAEP is a pre-processing step that is applied to data before it is encrypted and after it
is decrypted. OAEP prevents a wide range of attacks on the envelope format and
ensures that the attacker must break the underlying cryptographic algorithm in order