Usually when I see RSA-OAEP in a casual stroll through something's code, I stop there and move onto looking for other issues.
Reason: Very few users of RSA encryption bother to use a secure padding mode. If they're doing that much, the chances of doing something very stupid (a.k.a. "RSA-ECB") is low enough to discount for the purposes of message board discussions.
(Obviously, if I'm being paid to review something, I spend a lot more time on it.)
When I wrote my post above, all I cared about was the modes being used. That's why I vaguely said "some data".
A further analysis (i.e. where rsaEncrypt() is invoked) yields: They're only using RSA for encrypting AES keys, which is a sane design.
Hopefully my lazy word choice didn't cause you (or anyone else) any undue alarm.
When you said 'data' I assumed you meant a hybrid RSA-AES scheme - of course keys are technically 'data', but when talking about data in the context of cryptography, it usually means 'data that isn't a key' :)
You clearly deal with more competent people than me. Literally the last piece of code I read that specified RSA OAEP was trying to shove user session data into it.
Thanks for replying to put my mind at ease on this.
Usually when I see RSA-OAEP in a casual stroll through something's code, I stop there and move onto looking for other issues.
Reason: Very few users of RSA encryption bother to use a secure padding mode. If they're doing that much, the chances of doing something very stupid (a.k.a. "RSA-ECB") is low enough to discount for the purposes of message board discussions.
(Obviously, if I'm being paid to review something, I spend a lot more time on it.)
When I wrote my post above, all I cared about was the modes being used. That's why I vaguely said "some data".
A further analysis (i.e. where rsaEncrypt() is invoked) yields: They're only using RSA for encrypting AES keys, which is a sane design.
Hopefully my lazy word choice didn't cause you (or anyone else) any undue alarm.