взломщикам RSA на заметку

georgel: First, you are supposed to convert all the inputs and outputs to binary form. They are in 8-bit n-residue form. Factoring those as if they were numbers is of no use.

 

Ruptor

How?

And then what when I have several primes?

 

RTFM. Any big number library has a function for that, including Miracl. No one is going to do it for you.

Nothing. You haven't prepared a list of cubes resulting in small primes yet. It's a long search somewhat similar to the quadratic sieve, but once you have those, you just multiply them for all the factors of your input to make up its signature. It is not as expensive as factoring, but you won't be able to forge any signature, only the smooth ones. In the above example for instance, two of the factors are too large. You would not be able to forge that particular signature if it wasn't in n-residue form.

 

Ruptor
BTW: output.bin is in binary form - it is 100% a message and I know the meaning of every byte in it. It does not need any conversion except to place most significant bytes first, e.g. to reverse the order of bytes.

I don not know the meaning of

yet, because I couldn't find TFM.

The input.bin from the example bin should be the output of the method we discuss here and is my goal, but as such it would require this mysterious n-residue conversion as a final operation, wouldn't it? I think there is a bit of misunderstanding from me or even from you as to which item is input and which is output

The only thing that gives me a little hope is that I could have enormous amount of "output.bin"s that suit my needs and one of them could be smooth for your mysterious and unknown method...

 

georgel
You obviously do not understand how Montgomery multiplication works or how this simple old attack works. It is far from mine and far from mysterious. As a result, your frustration is leading you to attacking me personally. I do not wish to continue helping you any further. It is your problem, not mine. All I can do is repeat: 1) figure out the difference between a number in binary form and its n-residue form and how to convert between the two (RTF Miracl library documentation), 2) find this attack in the literature - it is probably the oldest attack against RSA that there is and the reason why all the RSA signature algorithms hash and time stamp messages before signing them.

 

Ruptor

Yes, so far I don't. Do I have to? I just wanted to know what is n-residue format. I skimmed through MIRACL docs again today after your last message (user's manual http://www.shamus.ie/uploads/docs/userman.pdf and reference manual http://www.shamus.ie/uploads/docs/refman.pdf) and found nothing clear on what is n-residue format but a description of converting routines (to and from n-residue and modulus preparation?) and their API.

Yes, which one of the attacks??? There are so many and I can't find one that fits this case and your explanation... http://www.scipub.org/fulltext/jcs/jcs28665-671.pdf

On the contrary, I am irritated because of my stupidity and not understanding you. No one is attacking you ))))))))))))) Moreover I think you are disappointed from explaining these things to someone (me) who obviously can't understand you.

I've tried. All that comes to my stupid mind is m1^e*m2^e===(m1*m2)^e. But this requires access to encrypting party. Or I suspect you mean representing the message like m1*m2*...*mn, where all numbers are small enough and are not affected by the modulus...


Finally I've found this which is more useful (to me) than the miracl docs themselves:

http://ftp.funet.fi/pub/crypt/math/montgomery-multiplication.txt

 

1024-битный шифр RSA взломают через пять лет

http://habrahabr.ru/blog/crypto/12565.html

 

georgel
почитай лит-ру; поэксперементируй; отвлекись, коли мозг циклит, а так ты заставляешь человека строкать тебе портянки лекций на форуме - он тебе всё равно лучше, чем в книге не напишет.
Garaus
инфа уже с бородой и впринцепе интереса никакого не представляет - взлом засчёт простого роста производительности железа являет собой пустую новость

 

UbIvItS
А ты его понял? Кто нибудь здесь его понял? Наверное он мне объяснял как найти точных кубов...Ето не подойдет для таких больших чисел...Там только 2^512 точных кубов.

 

georgel
первым делом не совсем понял, что тебе нужно: понять есть ли уязвимость в досовской реализации рса и как её юзать???

 

UbIvItS
Да. Мне нужно из своего output.bin сделать input.bin, которое потом с "досовской реализации" трансформировалось правильно опять в output.bin...