Home › B.Tech Cyber Security › cybersecurity › Cryptography › RSA encryption with PKCS#1 v1.5 padding is now c…
RSA encryption with PKCS#1 v1.5 padding is now considered
Athe modern best practice
Binsecure now (use OAEP)
Cfaster than AES
Dan asymmetric stream cipher
Answer & Solution
Correct answer: B. insecure now (use OAEP)
1. PKCS#1 v1.5 padding for RSA: introduced in the 1990s. Vulnerable to BLEICHENBACHER attacks (1998 onward) which let an attacker decrypt arbitrary ciphertexts via timing or error-message side channels.
2. OAEP (Optimal Asymmetric Encryption Padding): introduced in PKCS#1 v2.0, provides provable security against chosen-ciphertext attacks (under standard assumptions).
3. MODERN guidance: use RSA-OAEP for encryption, RSA-PSS for signatures (replacing PKCS#1 v1.5 signatures).
4. STILL SEEN: legacy systems and certificates may use v1.5 — phasing it out is ongoing.
5. NEW applications should reach for elliptic-curve crypto (ECDH, EdDSA) over RSA altogether — smaller keys, faster.
_Source: Boneh & Shoup, §11 (RSA padding, OAEP) + RFC 8017._
Related questions
A SALT in password hashing isFORWARD SECRECY in TLS meansA CERTIFICATE AUTHORITY (CA) in PKI does what?TLS (Transport Layer Security) uses a HYBRID encryption scheme. Why?An HMAC (Hash-based Message Authentication Code) providesWhich block cipher mode is INSECURE and should NEVER be used because it leaks PATTERNS in Which hash algorithm is considered DEPRECATED / WEAK and should NOT be used for new applicDIFFIE-HELLMAN key exchange allows two parties to