I am not an expert at all in cryptography. As far as I
understand, the output of rsa encryption (for a small enough message)
ought to be of a fixed length. For example with 512 bits keys the
output ought to be 64 bytes, but the following test is consistently
able to produce 63 bytes ciphertexts that decrypt correctly. Is this
normal or a bug?

function test() {
    var k = cryptico.generateRSAKey("",512), i = 0, max = Math.pow(2,12);
    var ciphertext = k.encrypt("");
    while (i < max && ciphertext.length == 128) {
        ciphertext = k.encrypt("");
        i++;
    }
    if (i < max) console.log("Error at iteration " + i + ":
           ciphertext length = " + ciphertext.length + "; ciphertext = " +
            ciphertext);
    return { key : k, ciphertext : ciphertext};
}

No response on this?

Thanks for pinging me on this, Alex.

Vincenzoml, since this issue is focused on Tom Wu's encryption library, I'm going to close this issue here and forward you there: http://www-cs-students.stanford.edu/~tjw/jsbn/

Also, (purely to sate my curiosity) can you (or anyone) provide a source for the fixed-length claim? I've been unable to corroborate after a light search.