[isapros] Re: OT: Breaking RSA: Totient indirect factorization
- From: Steve Moffat <steve@xxxxxxxxxx>
- To: ISAPros Mailing List <isapros@xxxxxxxxxxxxx>
- Date: Fri, 16 Nov 2007 17:31:02 -0400
What if hypothetical questions didn't exist?
:)
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Greg Mulholland
Sent: Friday, November 16, 2007 5:23 PM
To: ISAPros Mailing List
Subject: [isapros] Re: OT: Breaking RSA: Totient indirect factorization
"because any password may eventually be cracked, all passwords are equally
weak".
Riiight so my password he was working on and was within two days of cracking
(assuming he lived till he was 24 million years old) which happened to be
changed/disabled/computer formatted c: by the IT bots of the future 3 days
before he would have got it... So now there is one password he will never
crack..
You're analogy of "because I can imagine it, it is good" is quite right.
Many times at work I get emails or calls asking about potential/hypothetical
situations and scenarios, part of the job I guess but 9/10 times the answer
is always the same, what is the perceived risk and what is the actual risk.
How much are you willing to spend on a perceived risk just for the sake of
it when it may only pose 3% of the attack surface or overall outlook. The
majority of the time it also involves a considerable cost, otherwise it
would have been done already. I once had a guy who wanted to put a
fingerprint scanner on the entry to the server room. Great idea, the stuff
movies are made around, BUT, as I said to him, who cares, does a separate
key do they same thing and save you allot of money? Do we have a problem of
breakins-no, is there a risk-yes always but did they want to spend the
Johnny cash, well maybe it can be better served in other areas!
g
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Friday, 16 November 2007 6:35 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: OT: FW: Breaking RSA: Totient indirect factorization
There was a similar discussion on an internal alias regarding password
entropy and "crackability".
The sad outcome is that the customer that started the discussion is still
convinced that (get this):
"because any password may eventually be cracked, all passwords are equally
weak".
They also want to "proxy" a set of credentials within the SSL session key
from a completely different SSL session (shared session keys).
"because I can imagine it; it is good"
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Thor (Hammer of God)
Sent: Thursday, November 15, 2007 11:54 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] OT: FW: Breaking RSA: Totient indirect factorization
I love guys like this ;) (The OP was how to break RSA ;)
t
-----Original Message-----
From: Clifton Royston [mailto:cliftonr@xxxxxxxx]
Sent: Thursday, November 15, 2007 8:59 AM
To: gandlf
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Breaking RSA: Totient indirect factorization
On Wed, Nov 14, 2007 at 10:59:42PM +0100, gandlf wrote:
..
> Algorithm
> ---------
>
> - Repeat "a = a^n mod m" with n from 2 to m, saving all the results in
> a table until a == 1 (Statement 4).
Do I understand correctly that this step of your proposed algorithm
can identify the private key corresponding to (e.g.) a 1024 bit public
key, but only by doing on the order of Sum(2..2^1024) = ~ 2^1025
modular exponentiations and storing the results? If so, that would
come to approximately 1E307 modular exponentiation operations.
Divide that out by (for example) teraflops and the expected lifetime
of the universe, and I don't think you will get a pleasing result.
-- Clifton
--
Clifton Royston -- cliftonr@xxxxxxxxxxxxxxxxxx / cliftonr@xxxxxxxx
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting
services
Other related posts:
