
Any practical implementation avoids encrypting individual characters for this and other reasons. Wikipedia goes into some detail about chosen-plaintext and chosen-ciphertext attacks, and about some of the different forms of message padding that have been invented to secure against those attacks. The result is that RSA is applied not to individual bytes, but to blocks made of dozens of bytes at a time. Some of the bytes in each block come directly from the message to be encrypted, others are null or have other known values, and some will be computed using hash functions.

See generally


To the original poster, see also


One should never use "textbook RSA" for secure communications. It has problems with plaintext malleability (that is, there's a predictable way that an attacker can change the plaintext, possibly meaningfully, by changing the ciphertext), with some number-theoretic attacks, and more. Also, with textbook RSA, the message size is limited to the size of the modulus (e.g. with a 2048-bit modulus, you could never send more than 2048 bits of plaintext in a single message).

You can also become familiar with many of these problems by working through Thomas Ptaček's Cryptopals exercises.


In these exercises, you implement famous attacks against naive versions and inappropriate applications of ciphers, including RSA.

Most ciphers provide confidentiality properties under highly idealized conditions where an attacker is given the least prior knowledge and least ability to influence the communications process, and where mathematical quirks that could lead to a mathematical solution of the cipher are assumed not to occur. This means that other kinds of constructions need to be used in order to produce a system that's secure in practice. An analogy is that one might use a hash for message authentication, based on the claim that the hash is secure in certain settings -- but this may be vulnerable to length extension attacks. Or one might use a block cipher in ECB mode, based on the same sort of claim -- but this may be vulnerable to several mode-of-operation attacks such as recognizing repeated encryptions of the same plaintext.
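The three textbook-RSA defects the comments above describe (per-character encryption degenerating into a substitution table, plaintext malleability, and the modulus bounding the message size) can be made concrete in a few lines. The following is an added illustration, not code from any of the commenters or from Cryptopals; it uses the deliberately tiny constructed primes p=61, q=53 so the numbers can be checked by hand, and the function names (`keygen`, `encrypt`, `scale_ciphertext`, `unchecked_roundtrip`) are assumptions for the example. Nothing in it is secure; that is the point.

```python
# Added example: toy textbook RSA on deliberately tiny constructed primes.
# Shows why "textbook RSA" without padding fails in practice.

def keygen(p=61, q=53, e=17):
    """Return ((n, e), (n, d)) for textbook RSA from small constructed primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


def encrypt(m, pub):
    """Textbook RSA: c = m^e mod n. No padding, so it is fully deterministic
    and only defined for 0 <= m < n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)


def rejects_oversized(m, pub):
    """True if encrypt() refuses m because it does not fit under the modulus."""
    try:
        encrypt(m, pub)
    except ValueError:
        return True
    return False


# Defect 1: encrypting one character at a time yields a fixed substitution
# table. Every occurrence of the same byte produces the same ciphertext.
def encrypt_chars(text, pub):
    return [encrypt(ord(ch), pub) for ch in text]


def invert_char_table(cts, pub):
    """Anyone holding only the public key can tabulate encrypt(b) for all
    256 byte values and read a per-character ciphertext like a codebook."""
    table = {encrypt(b, pub): b for b in range(256)}
    return "".join(chr(table[c]) for c in cts)


# Defect 2: multiplicative malleability. Because (m^e)(k^e) = (mk)^e mod n,
# multiplying a ciphertext by enc(k) changes the recovered plaintext to
# (m * k) mod n without knowledge of m or of the private key.
def scale_ciphertext(c, k, pub):
    n, _ = pub
    return (c * encrypt(k, pub)) % n


# Defect 3: the modulus bounds the message. With the range check removed,
# any m >= n is silently reduced mod n and the original value is lost.
def unchecked_roundtrip(m, pub, priv):
    n, e = pub
    return decrypt(pow(m, e, n), priv)


if __name__ == "__main__":
    pub, priv = keygen()
    print("n, e, d =", pub[0], pub[1], priv[1])
    cts = encrypt_chars("HELLO", pub)
    print("per-character ciphertext:", cts)
    print("read back from public-key table:", invert_char_table(cts, pub))
    c = encrypt(42, pub)
    print("42 encrypted, then scaled by enc(2), decrypts to",
          decrypt(scale_ciphertext(c, 2, pub), priv))
    print("m = n + 5 survives an unchecked round trip as",
          unchecked_roundtrip(pub[0] + 5, pub, priv))
```

Randomised padding such as OAEP is what breaks all three behaviours at once: the same byte no longer maps to one ciphertext, the padding structure makes a scaled ciphertext decrypt to garbage that fails validation, and the padded block is sized to fit under the modulus. Real deployments go further still and use RSA only to wrap a symmetric key, never to encrypt message bytes directly.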

