[Full-disclosure] question regarding RSA

[jf@xxxxxxxxxxxxxxxxxxxxxxxxx]

Hi,

i'm not really a crypto guy and I'm having problems explaining something; 
basically my understanding of RSA PKI is that the padding bytes are added 
because RSA is a deterministic algorithm and that without the padding an 
attacker with knowledge of the plaintext and access to the resultant ciphertext 
can significantly reduce the keyspace in deducing the private key, but the 
question is by how much? Assuming the absence of OAEP/et al, is it realistic to 
expect one to be able to brute force this keyspace? Theres really no 
documentation on the subject because well RSA is not expected to be secure in 
this environment, even though its deployeed this way more often than expected.

I'm trying to write up a test to do this, but I'm running into the problem that 
I'm having to modify what simplified implementations I can find to make sure no 
padding (or attacker controlled padding) exists, and therefore I'm gonna have 
the problem of either modifying something i didnt mean to, or more likely 
having the results discarded because it was my own implementation.

So, what I'm hoping for is someone with a fairly in-depth knowledge of 
RSAES-OAEP who can tell me what the reduction in complexity would be given an 
attacker that can control the plain-text, can receive the ciphertext, and can 
control the variables associated with OAEP; they just dont have access to the 
private key.

Thanks.
jf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/