Explain why this is a poor use of RSA by giving an attack on this system. You cannot assume that you can factor n. Illustrate your attack by decrypting the following ciphertext which was generated using the public key (n=18721, e=25):
18718, 13444, 4644, 13444, 1437, 0, 17173, 13444
2. Suppose we use two different RSA public keys (n, e1) and (n, e2) where e1 is not equal to e2. In other words, the modulus n is the same, but the public exponents are different. Explain how you can recover the plaintext M if you are given C1 = Me1 mod n and C2 = Me2 mod n.
3. As we well-know, CBCMAC is secure only if the number of blocks in the length of the message is fixed. We define a new MAC called XMAC which is a modification of CBCMAC attempting to allow msgs of any length. XMAC is defined as follows: choose two random keys, K and L, where K is a 56-bit DES key and L is a 64-bit string. Let CBCMACK be the CBCMAC over DES with key K. Now define XMAC(M) = CBCMACK(M) xor L. Please answer the following two questions, giving a convincing argument for your answers.
4. Describe how to find the remaining WEP-key bytes K[4..7] by extending the attack we covered in class.