A Blind Spot in RSA Encryption with OpenSSL

I thought I had a solid understanding of the differences between RSA encryption schemes and their use cases. But while implementing RSA encryption today, I noticed something puzzling: the ciphertext was different every time, even with the same plaintext and public key. This was a blind spot for me. After researching the internals, here is what I found. The Issue: The following code uses OpenSSL’s EVP API for RSA encryption. No random value is explicitly provided, yet the output differs on every call: ...

August 8, 2022 · 3 min · haoxiqiang

HTTPS Notes

Before working with HTTPS, I recommend reading Android Training: Security with SSL. Many companies have adopted full-site HTTPS, but not all implementations are correct. This post records some issues I encountered. ...

January 20, 2016 · 3 min · haoxiqiang