Practice free →
HomeB.Tech Cyber SecuritycybersecurityCryptography › RSA encryption with PKCS#1 v1.5 padding is now c…

RSA encryption with PKCS#1 v1.5 padding is now considered

Athe modern best practice
Binsecure now (use OAEP)
Cfaster than AES
Dan asymmetric stream cipher
Answer & Solution
Correct answer: B. insecure now (use OAEP)
1. PKCS#1 v1.5 padding for RSA: introduced in the 1990s. Vulnerable to BLEICHENBACHER attacks (1998 onward) which let an attacker decrypt arbitrary ciphertexts via timing or error-message side channels. 2. OAEP (Optimal Asymmetric Encryption Padding): introduced in PKCS#1 v2.0, provides provable security against chosen-ciphertext attacks (under standard assumptions). 3. MODERN guidance: use RSA-OAEP for encryption, RSA-PSS for signatures (replacing PKCS#1 v1.5 signatures). 4. STILL SEEN: legacy systems and certificates may use v1.5 — phasing it out is ongoing. 5. NEW applications should reach for elliptic-curve crypto (ECDH, EdDSA) over RSA altogether — smaller keys, faster. _Source: Boneh & Shoup, §11 (RSA padding, OAEP) + RFC 8017._
Solve this in the app — B.Tech Cyber Security practice & 24k+ MCQs →
Related questions