Share this page!

thaidn Profile picture
Twitter logo
13 Sep, 9 tweets, 3 min read
Just in case you never saw RSA and didn't understand @0xfatty's fun discovery, here's some background.

A thread.

RSA is a famous cryptosystem invented in the 1970s, and still widely deployed. Its inventors won the Turing Award, computer science's equivalent of the Nobel Prize.
When used properly*, RSA allows humans and machines to digitally sign document to prove authenticity. Given a document and its RSA signature, anyone can verify that the document has not been modified. This is one of the most wonderful inventions of the 20th century.
I put a star to the word property because there are people like yours truly spending their entire adult life on finding, exploiting and preventing improper use of RSA (and other cryptosystems).

Using RSA with a small key is a classical misuse.
What's a RSA key? A RSA key consists of two components: a private key and a public key. To sign documents, one must have the private key. To verify, one only needs the public key. Thus, the private key must be kept secret, but the public key are usually disclosed publicly.
Since the public key is public, it's of paramount importance that nobody can figure out the private key from it.

A RSA private key contains at minimum 4 large numbers: p, q, e, d. A public key contains 2 numbers: e and N = p * q. Yes, N is the multiplication of p and q.
p and q are (hopefully) randomly generated prime numbers, and d is called the private exponent. These numbers must be kept secret.

If one can figure out p and q, one can easily compute d which is all one needs to sign documents.
N is called the modulus, and its size in bits is the key size. That is, Hanoi using 512-bit keys means its N is a 512-bit number. This is a huge number, having 154 digits, but, unfortunately, it's still too small. Acceptable RSA deployments nowadays require 2048-bit keys.
Since N is part of the public key, everybody knows its value. The security of RSA therefore relies on the fact that given a sufficiently large N, nobody knows how to compute p and q.

This is a surprisingly hard problem that has remained unsolved for thousands of years.
What about small N? They are easier to factorize! State of the art algorithm and software can already factorize ~900-bit N. 512-bit should take only hours.

This is exactly what @0xfatty did.

/End

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with thaidn

thaidn Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @XorNinja

thaidn Profile picture
31 Aug
A friend asked why they haven't seen much international news about the COVID outbreak in Vietnam. Honestly I don't know exactly why, but here's what I know.

Please spread the word. The world needs to know this.
My family has lost 3 members. My aunt died 3 days ago, her husband and another aunt's husband 2-3 weeks ago.

My dad and my uncle are hospitalized. My uncle is in bad shape, thanks God my dad has started recovering.

So far I've lost 8 people whom I'd known my whole life.
But this is not about me or my family.

I have friends and I can afford things. If I still can't protect my family, how the hell can less fortunate people deal with this horrendous crisis?

The answer is they can't and are dying en mass.
Read 11 tweets
thaidn Profile picture
8 Aug 20
I reversed the Vietnam's contact tracing app, and found that it can silently upload all contact history to a centralized server, despite claiming that it only stores data on the client.

Somebody then said I was wrong and challenged me to provide evidences.
Well, challenge accepted and achieved! github.com/thaidn/bluezone

I now know much more than I ever wanted to about React Native and how to merge split APKs =)
I'm now told that I don't understand how contact tracing works.

When I said in decentralized contact tracing systems, the server will publish a list of infected IDs, from which clients will download and do matching locally, dude said it never works that way.
Read 5 tweets
thaidn Profile picture
2 Oct 19
How this works (from memory)

Problem:
-Client has a single pair of (username, password) that it wants to check if it was leaked.
-Server has a huge database of leaked (username, password).
Security/privacy requirements:
- Server cannot learn the client's password
- Server cannot distinguish between the client's username and k-1 others, i.e., k-anonymity
To check a single password:
1. Client computes a k-bit hash of username, denote U
2. Client computes P = r * H(password), where r is a random scalar, and H(password) hashes the password to a point on NIST P-256
3. Client sends (U, P)
Read 8 tweets
thaidn Profile picture
30 Jul 19
Kepler: so, you see, orbit of a planet is elliptical. To find where the Earth is, we need a method to calculate the arc length of the ellipse
Fermat: I have discovered such a marvelous method which this tweet is too narrow to contain
Newton: This is a fluent problem, and, as usual, it can be solved with an infinite series expansion
Leibniz: Pardon monsieur, what's a fluent? Arc length is an integral problem, and to calculate ∫f(x)dx first you need to find a closed form function such that F'(x) = f(x)
(100 years had passed. The search for Leibniz's closed-form solution for the elliptic integral, that is ∫f(x, g(x))dx where f is a rational function and g is a polynomial of degree 3 or 4, had been fruitless)
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @XorNinja has new unrolls!

Check out other threads from @XorNinja!

Read all threads by @XorNinja

:(