Network Working Group                                        E. Rescorla
Request for Comments: 3218                                    RTFM, Inc.
Category: Informational                                     January 2002


                Preventing the Million Message Attack on
                      Cryptographic Message Syntax

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo describes a strategy for resisting the Million Message
   Attack.

Table of Contents

   1. Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   1
   2. Overview of PKCS-1  . . . . . . . . . . . . . . . . . . . . .   2
   2.1. The Million Message Attack  . . . . . . . . . . . . . . . .   3
   2.2. Applicability . . . . . . . . . . . . . . . . . . . . . . .   3
   2.2.1. Note on Block Cipher Padding  . . . . . . . . . . . . . .   4
   2.3. Countermeasures . . . . . . . . . . . . . . . . . . . . . .   4
   2.3.1. Careful Checking  . . . . . . . . . . . . . . . . . . . .   4
   2.3.2. Random Filling  . . . . . . . . . . . . . . . . . . . . .   5
   2.3.3. OAEP  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
   2.4. Security Considerations . . . . . . . . . . . . . . . . . .   6
   3. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   6
   4. References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
   5. Author's Address. . . . . . . . . . . . . . . . . . . . . . .   6
   6. Full Copyright Statement  . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   When data is encrypted using RSA, it must be padded out to the length
   of the modulus (typically 512 to 2048 bits).  The most popular
   technique for doing this is described in [PKCS-1-v1.5].  However, in
   1998 Bleichenbacher described an adaptive chosen ciphertext attack on
   SSL [MMA].  This attack, called the Million Message Attack, allowed
   the recovery of a single PKCS-1 encrypted block, provided that the



Rescorla                     Informational
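   The following is an added worked example, not part of RFC 3218 and not
   code from the author.  It shows the PKCS-1 v1.5 block format the
   Introduction refers to and the mechanism behind the Million Message
   Attack: a receiver that reveals whether a decrypted block had valid
   padding acts as an oracle, and because RSA is malleable an attacker can
   submit c * s^e mod n and learn whether s*m mod n is PKCS-conforming,
   i.e. lies in [2B, 3B) where B = 2^(8(k-2)).  The key (two fixed primes,
   a 125-bit modulus), the message, the oracle and all function names are
   constructed for illustration; textbook RSA this small is not for real
   use.  The search implemented is only the first step of the attack (the
   first conforming multiplier), not the full plaintext recovery.

```python
"""Added example: PKCS#1 v1.5 type 2 padding and the padding oracle that the
Million Message Attack exploits.  Everything here (key, message, oracle) is
constructed for illustration; the modulus is far too small for real use."""
import os
from typing import Optional

# Constructed key: two well-known primes, e = 65537.  N has 125 bits, so the
# PKCS#1 block length k is 16 bytes and at most k - 11 = 5 message bytes fit.
P = (1 << 61) - 1          # Mersenne prime M61
Q = (1 << 64) - 59         # largest prime below 2^64
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # 16 bytes
B = 1 << (8 * (K - 2))                  # conforming plaintexts lie in [2B, 3B)


def pkcs1_v15_pad(msg: bytes, k: int = K) -> bytes:
    """EME-PKCS1-v1_5 type 2 encoding: 00 || 02 || PS || 00 || M,
    where PS consists of at least 8 random non-zero bytes."""
    if len(msg) > k - 11:
        raise ValueError("message too long for modulus")
    ps_len = k - len(msg) - 3
    ps = b""
    while len(ps) < ps_len:             # PS must not contain zero bytes
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + ps + b"\x00" + msg


def pkcs1_v15_unpad(em: bytes) -> Optional[bytes]:
    """Strict decoding; returns None on any formatting error."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep < 10:           # separator missing or PS < 8 bytes
        return None
    return em[sep + 1:]


def rsa_encrypt(msg: bytes) -> int:
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)


def rsa_decrypt(c: int) -> Optional[bytes]:
    em = pow(c, D, N).to_bytes(K, "big")
    return pkcs1_v15_unpad(em)


def padding_oracle(c: int) -> bool:
    """The leak a vulnerable receiver exposes: it reports whether the
    decrypted block starts with 00 02.  This single bit per query is what
    Bleichenbacher's attack is built on (constructed oracle)."""
    em = pow(c, D, N).to_bytes(K, "big")
    return em[0] == 0 and em[1] == 2


def find_conforming_multiplier(c: int, oracle) -> int:
    """First step of the attack: smallest s >= ceil(N / 3B) such that the
    oracle accepts c * s^E mod N.  By RSA malleability that ciphertext
    decrypts to s*m mod N, so acceptance means 2B <= s*m mod N < 3B; the
    attacker learns this about m without ever seeing a decryption."""
    s = -(-N // (3 * B))                # ceiling division
    while not oracle((c * pow(s, E, N)) % N):
        s += 1
    return s


def demo(msg: bytes = b"key"):
    """Run the attacker's search, then check the inferred interval against
    the secret plaintext (which only the demo, not the attacker, knows)."""
    c = rsa_encrypt(msg)
    s = find_conforming_multiplier(c, padding_oracle)
    m = pow(c, D, N)
    return s, 2 * B <= (m * s) % N < 3 * B


if __name__ == "__main__":
    s, leaked = demo()
    print(f"first conforming multiplier s = {s}; 2B <= s*m mod N < 3B: {leaked}")
```

   Note that the oracle here checks only the two leading bytes, which is
   the weakest useful oracle; the stricter check in `pkcs1_v15_unpad`
   narrows what an accepted query implies but still leaks the same
   interval.  With a modulus this small the first conforming multiplier is
   usually found in a few thousand queries, which is why a full-size key
   runs to the "million messages" of the attack's name.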