Re: encrypting long strings

2010-07-10 Thread Jeffrey Walton
Hi Phillip,
> You make it sound like the AES algorithm itself somehow imposes requirements
> on how its key can be protected.
The best I can tell, we said the same thing. The security levels among AES and RSA are equivalent.
Jeff
On Sun, Jul 11, 2010 at 12:29 AM, Phillip Hellewell wrote:
> On S

Re: encrypting long strings

2010-07-10 Thread Michael Sierchio
Despite what others have said, RSA is perfectly reasonable (if slow) to use for encryption. If you do, you should use OAEP/OAEP+ rather than the common/naive method of padding. http://cseweb.ucsd.edu/~mihir/papers/oaep.html The Wikipedia article is a good starting place http://en.wikipedia.org/

Re: encrypting long strings

2010-07-10 Thread Phillip Hellewell
On Sat, Jul 10, 2010 at 12:13 PM, Jeffrey Walton wrote:
> > The general approach is to encrypt data using a symmetric cipher (e.g.,
> > AES-256) with a randomly-generated key, and then encrypt that symmetric key
> > with the RSA (public) key.
> AES-256 requires an RSA modulus with an equivalent

Re: question about max length string to encrypt with rsa 2048

2010-07-10 Thread Jeffrey Walton
> "Handbook of Applied Cryptography" ("HAC")
> ... but the principles stated in those books are
> still valid and worth knowing.
Section 9.6 of the HAC is no longer applicable, and should be considered wrong (worth mentioning since it's not a typo or other errata, and it applies to the entire sec

Re: encrypting long strings

2010-07-10 Thread Jeffrey Walton
> The general approach is to encrypt data using a symmetric cipher (e.g.,
> AES-256) with a randomly-generated key, and then encrypt that symmetric key
> with the RSA (public) key.
AES-256 requires an RSA modulus with an equivalent strength, which is a 15360 (IIRC). If you choose RSA-1024 or RSA-204

Various forms of two-way SSL

2010-07-10 Thread Mohan Radhakrishnan
Hi, Two-way SSL is sometimes very confusing. I know that a keystore and a truststore are always involved in two-way SSL communication. Are there various forms of two-way SSL?
1. We want to open a server socket and also act as a client.
2. Similarly the server also can be a client because t