If you really must support RSA in 2022, here are some things to keep in mind.
Wherein some furry casually saves a University tens of thousands of dollars on a NIST SP 800-171 audit they were doomed to fail anyway.
An assortment of topics that don’t quite deserve their own dedicated blog post.
RSA is for encrypting symmetric keys, not entire messages. Pass it on.
If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels. The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation […]