4

So, i understand that we should always use padding on RSA so that if we send the same message with different keys, the Chinese Remainder theorem can not be used to decrypt it.

When looking at the padding schemes (OAEP) I do not get however why to use complicated hash functions when we have randomness introduced anyway. Can we not simply pad the message with this randomness and save ourselves some trouble?

Rory Alsop
  • 61,507
  • 12
  • 118
  • 322
Joran
  • 41
  • 1

1 Answers1

4

When deciphering the message, the recipient must have a way to ensure that the padding hasn't been modified (which obviously you cannot when the padding is random).

WhiteWinterWolf
  • 19,292
  • 4
  • 61
  • 110