Getting RSA 256 Bits Wrong

1: The attack does not affect every public key algorithm

Reports of the original Black Hat talk stated that the secret algorithm works by making it possible to predict prime numbers and that this allows ‘every form’ of public key cryptography to be broken.

2: The WebPKI doesn’t run on RSA alone

If someone had discovered a way to break RSA in 2010, the world would be in very deep trouble. The cryptography that secures the entire global financial system would be at risk because a large part of the infrastructure only supported RSA cryptography. If RSA fell, the whole system would have fallen with it.

3: There is a challenge problem; Crown Sterling ignored it

After Ron Rivest, the R in RSA, got fed up with constantly being told of ‘new’ approaches to factoring, he persuaded RSA Labs to set up a challenge competition with cash prizes for factoring numbers. The cash prizes were withdrawn some years ago, but people still try factoring the numbers for fame and glory.

RSA-1024 = 135066410865995223349603216278805969938881475605667027524485143851526510604859533833940287150571909441798207282164471551373680419703964191743046496589274256239341020864383202110372958725762358509643110564073501508187510676594629205563685529475213500852879416377328533906109750544334999811150056977236890927563
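
A factoring claim against a challenge number such as RSA-1024 is checked by multiplying the claimed factors back together and testing that each one is prime. The following is an added example, not code from the original article; the function names and the small demonstration modulus (the product of the Mersenne primes 2^61 - 1 and 2^89 - 1) are constructed for illustration.

```python
import random

# RSA-1024 challenge number, copied from the article text above.
RSA_1024 = int("135066410865995223349603216278805969938881475605667027524485143851526510604859533833940287150571909441798207282164471551373680419703964191743046496589274256239341020864383202110372958725762358509643110564073501508187510676594629205563685529475213500852879416377328533906109750544334999811150056977236890927563")

# Constructed demonstration modulus: product of two known Mersenne primes.
DEMO_P, DEMO_Q = 2**61 - 1, 2**89 - 1
DEMO_N = DEMO_P * DEMO_Q

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=20):
    """Miller-Rabin test: fixed small bases plus `rounds` random bases."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    bases = list(_SMALL_PRIMES) + [random.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # base a is a witness that n is composite
    return True


def verify_factoring_claim(n, p, q):
    """Return (ok, reason) for a claim that n = p * q with p and q prime."""
    if p <= 1 or q <= 1:
        return False, "trivial factor"
    if p * q != n:
        return False, "product does not equal n"
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return False, "a factor is not prime"
    return True, "valid factorization"


if __name__ == "__main__":
    print(verify_factoring_claim(DEMO_N, DEMO_P, DEMO_Q))
    print(verify_factoring_claim(RSA_1024, DEMO_P, DEMO_Q))
```
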

4: Breaking a 256-bit RSA key is a trivial problem

Modern cryptography uses two types of encryption algorithm: symmetric algorithms, in which the encryption and decryption keys are the same, and asymmetric algorithms, in which different keys are used. Using different keys for different roles allows those roles to be separated. Public key encryption is interesting because anyone can encrypt a message using the public key but only a person who knows the private key can decrypt.

5: The attack described is significantly worse than existing attacks

What Crown Sterling claim to have discovered is some sort of structure in the distribution of primes that allows them to predict them. As mathematical claims go, this is neither astonishing nor remarkable. There are many known patterns in prime numbers. It would be rather surprising if there weren’t. For a start, all even numbers apart from 2 are not prime.

In summary

In his first piece on Crown Sterling, Schneier showed that every aspect of the presentation set off his ‘snake oil’ detector. Now that we can take a deeper look, it is clear that the snake oil detector was right. At this point it is really hard to see how Crown Sterling’s claims could be made in good faith.
