No, RSA Hasn’t Been Cracked. But Crown Sterling Is Very Confused – Security Boulevard


A recent demonstration by a new cryptography company raises eyebrows. Amazingly, the company claims to have broken the 256-bit encryption that protects just about everything from your banking to this very internet website.

They’re also implying that blockchains and cryptocurrencies are now obsolete. So, you know: small stuff.

The fine fellow pictured is Robert Grant, CEO of said company, Crown Sterling Limited, LLC. He’s a self-described “Modern polymath combining innovation, mathematics, artistic design and entrepreneurship into balanced creations intended to benefit all.”

Which is nice. But people who actually understand cryptography are using words such as “absurd … bogus … delusional … fraud … scam … shady,” and some even compare the company to Theranos. In today’s SB Blogwatch, we seek the wood in the trees.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: tiny things.

What’s the craic? Sean Gallagher calls it a “Medicine show”:

 In a conference room … in Newport Beach, California, Crown Sterling CEO Robert Grant, COO Joseph Hopkins, and a pair of programmers staged a demonstration of Grant’s claimed cryptography-cracking algorithm. … Grant and Hopkins had their minions generate two pairs of 256-bit RSA encryption keys and then derive the prime numbers … from the public key in about 50 seconds.

Grant claimed that the work could be used to “decrypt” a 512-bit RSA key in “as little as five hours.” [But it] only raises more skepticism about Grant’s work and about Crown Sterling. … Grant’s efforts [were] met with … derision by a number of cryptography and security experts.

Grant said that the presentation was only to demonstrate the vulnerability of the RSA algorithm. Grant insisted that weak RSA keys were still widely in use.

O RLY? Bruce Schneier makes fun of the claim “to Factor RSA Keylengths First Factored Twenty Years Ago”:

 Earlier this month, I made fun of a company called Crown Sterling … for being a company that deserves being made fun of. [256-bit] is so small it has never been considered secure.

They’ve matched a factoring record set in 1999. … Is anyone taking this company seriously anymore?

People, this isn’t hard. Find an RSA Factoring Challenge number that hasn’t been factored yet and factor it. Once you do, the entire world will take you seriously. Until you do, no one will.

And you thought 256-bit crypto was strong? Paragon Initiative Enterprises (@ParagonIE) exposes the confusion:

So why such a small key? CEO Robert Grant explains it all away:

 It’s not practical to crack larger keys in a live session: 512bit is about five hours. … Our new algorithm of 1/x Reciprocal Factoring is our next approach and will be using that to factor ‘large’ Keys next.

The 1/x Reciprocal value of a number is its literal DNA, it includes all the information you need to understand the number, including its factors and exponential powers (in both directions). And we believe it also may unlock the nature of space-time itself.
Exciting times are upon us.

Wait, what? Mark Carney papers over the cracks: [You’re fired – Ed.]

 Grant’s paper demonstrates how to take the 24 opportunities (mod 24) and reduce them down to 8 opportunities, which is a significant reduction in the search space. [But] these are still CPU expensive arithmetical operations – checking if something is prime or not is a computationally expensive thing to do.

As such there is little effective difference between these optimizations and simply pre-computing all primes below a certain bit-length. … Whilst there may be some which gives significant reductions in the upper search space above knowing information about coprime numbers below , the efficiency does not scale.

Does all this remind you of another mysterious California company? Markus Ottela is somewhat scathing:

That’s a serious allegation. nneonneo pours gasoline on the flames:

Whoa. What if they lawyer up? Nicholas Weaver (@ncweaver) is ready to party:

Time for a colorful metaphor? Rob Graham (@ErrataRob) offers this analogy:

 Magicians sawing women in half on stage are more convincing than a laptop factoring 256-bit RSA keys in a hotel room. … In any event, 50 seconds to factor a 256-bit (77-decimal digit) RSA key on a standard laptop is about exactly what you’d expect from the existing “number sieve” algorithms we have today.

Oops. But Steve Weis (@sweis) finds at least the tiniest truthiness in the company’s claims:

 Shady people are making dumb claims right now. [But] in 2019, almost nobody should be using RSA for new projects.

256-bit RSA keys were factorable in the 1980s. … 1024-bit RSA was already suspect 15 years ago. … The NSA explicitly says not to use 2048-bit RSA and to upgrade anything less than 3072-bit RSA.

Meanwhile, @bitologist drips with sarcasm:

 Holy ****, what a discovery! You are definitely going to be the talk of the town during the 1989 edition of Defcon.

And Finally:

Relax and Enjoy the View (of Tiny Things)

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: strathspeycrown.com
