PHP Classes

deficiencies

Recommend this page to a friend!

      RSA  >  All threads  >  deficiencies  >  (Un) Subscribe thread alerts  
Subject:deficiencies
Summary:impractical key generation,
Messages:1
Author:arguetests
Date:2009-12-05 15:46:15
 

  1. deficiencies   Reply   Report abuse  
Picture of arguetests arguetests - 2009-12-05 15:46:15
echo"<i>Keys:</i><br />";
$keys = $RSA->generate_keys ('9990454949', '9990450271', 1);

$message="هذا نص عربي بتنسيق مجموعة المحارف العالمية";
$encoded = $RSA->encrypt ($message, $keys[1], $keys[0], 5);
$decoded = $RSA->decrypt ($encoded, $keys[2], $keys[0]);

That's a horrible way to generate keys. It does the easiest part of key generation and leaves the hardest part to the person using the library. Plus, it doesn't provide you any mechanism to load pre-computed keys.

And the method it uses to encrypt and decrypt is about as secure as ECB is for block ciphers. You encrypt a plaintext multiple times and each time get the same ciphertext. PKCS#1 discuses two encryption / decryption methods for which this doesn't hold true, neither of which are implemented by this library.

phpseclib's Crypt_RSA overcomes all of these deficiencies:

phpseclib.sourceforge.net/