2017.04.28 22:49:13 (858060557567524864) from Daniel J. Bernstein, replying to "Scott Arciszewski (@CiPHPerCoder)" (857289165926486016):
No. What's implemented is Shoup's "Simple RSA", aka "RSA-KEM". The session key is a hash of a fully random plaintext as long as the modulus.
2017.04.26 19:39:08 (857287944083734528) from "Thomas H. Ptacek (@tqbf)" = "Thomas "Secular Armenianist" Ptacek (@tqbf)":
Ok then.
2017.04.26 19:43:59 (857289165926486016) from "Scott Arciszewski (@CiPHPerCoder)", replying to "Thomas H. Ptacek (@tqbf)" = "Thomas "Secular Armenianist" Ptacek (@tqbf)" (857287944083734528):
Will Post-Quantum RSA still be accompanied by PKCS1v1.5 padding?