rsa padding padding-oracle
Updated Thu, 21 Jul 2022 02:15:28 GMT

Is RSA vulnerable to the padding oracle attack?

I know that AES in combination with CBC mode is vulnerable against the Padding Oracle Attack. RSA also uses some kind of padding, hence can this attack be apply to RSA encrypted messages too?


Yes, and it's devastatingly effective, too. See OAEP and other RSA/asymmetric-function padding standards. OAEP is what you should use these days so far as I am aware. PKCS#1 has other defined padding schemes also (eg PSS, PKCS1.5), only some of which are effective.