PHP Classes


Recommend this page to a friend!

      RSA  >  All threads  >  deficiencies  >  (Un) Subscribe thread alerts  
Summary:impractical key generation,
Date:2009-12-05 15:46:15

  1. deficiencies   Reply   Report abuse  
Picture of arguetests arguetests - 2009-12-05 15:46:15
echo"<i>Keys:</i><br />";
$keys = $RSA->generate_keys ('9990454949', '9990450271', 1);

$message="هذا نص عربي بتنسيق مجموعة المحارف العالمية";
$encoded = $RSA->encrypt ($message, $keys[1], $keys[0], 5);
$decoded = $RSA->decrypt ($encoded, $keys[2], $keys[0]);

That's a horrible way to generate keys. It does the easiest part of key generation and leaves the hardest part to the person using the library. Plus, it doesn't provide you any mechanism to load pre-computed keys.

And the method it uses to encrypt and decrypt is about as secure as ECB is for block ciphers. You encrypt a plaintext multiple times and each time get the same ciphertext. PKCS#1 discuses two encryption / decryption methods for which this doesn't hold true, neither of which are implemented by this library.

phpseclib's Crypt_RSA overcomes all of these deficiencies: