I'm thinking more about my idea to stream a "speedrun" of 512 bit RSA factorization.
-
I'm thinking more about my idea to stream a "speedrun" of 512 bit RSA factorization. Sub 2 hour appears possible. It'd help force cryptographic libraries to deprecate it.
I still have tens of thousands of pounds of legal costs to cover, so I want to make it a fundraiser.
The movie Sneakers, which involves a cryptography-cracking Macguffin (strongly implied to break RSA - Len Adleman, the "A" in RSA was a consultant for the film).
In the film, one of the characters remarks “There isn’t a government on this planet that wouldn’t kill us all for that thing”, and indeed several characters are killed over the Macguffin.
Too many secrets.
Back then, 512 bit was a common key size for RSA. Now, it will fall to a single cheap PC with publicly available software in a couple weeks. I recently did some experimenting, and believe I can do it in two hours. Coincidentally, in Sneakers, the credits roll at about 2h01m31s and the film ends at 2h05m24s.
Naturally, this seems like a time to beat.
I've converted the entire movie to run inside terminal in full color unicode art with subtitles (I've posted screenshots recently - it's very watchable).
I was thinking I'd take pledges for certain time goals (before the NSA shows up, under 2 hours, beat the film, under 2½ hours, under 3 hours, under 3½ hours). The current best time that I'm aware of is "under four hours", so this will be a world record.
Anyone willing to help make this happen?
-
Seth Hanford 🐡replied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc it's a good cause, I love Sneakers, and I think you've put a lot of thought into making the screenshots accessible and effort into making it very watchable. I'm in.
https://infosec.exchange/@ryanc/113039048229129925 -
Stephen Battista (he/him)replied to Ryan Castellucci :nonbinary_flag: last edited by [email protected]
@ryanc If you can factor 512 in 2 hours, there is no way that anyone could factor a 1024-bit RSA key using your method, seeing that a 10124 key would take 10154 more time / compute power.
-
Ryan Castellucci :nonbinary_flag:replied to Stephen Battista (he/him) last edited by
@MITREsteve The attack is General Number Field Seive, not brute force, and it does not scale like that. To crack a 512 bit key requires about ⅑ of a core year.
A 829 bit key was cracked in 2020 in about 2700 core years.
A 1024 bit RSA key could be cracked in months, for on the order of a million dollars.
-
4censord :neocat_flag_pan:replied to Ryan Castellucci :nonbinary_flag: last edited by
@[email protected] @[email protected] that sounds like something the EFF would support. they did something similar before, when they build effectively a supercomputer with custom asics to crack des: https://en.m.wikipedia.org/wiki/EFF_DES_cracker
-
Ryan Castellucci :nonbinary_flag:replied to 4censord :neocat_flag_pan: last edited by
@4censord @gotrans hadn't really considered talking to them - the actual cracking is a trivial cost, under $100 of cloud compute.
The fundraising is for my lawsuit against the British government (see my profile) that's looking like to could ultimately cost me hundreds of thousands of dollars on top of what I've been able to fundraise.
-
Stephen Battista (he/him)replied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc, checking my SSH keys. They are 8192 in length. I know that's overkill, but hey, computing is cheap.
-
Ryan Castellucci :nonbinary_flag:replied to Stephen Battista (he/him) last edited by
@MITREsteve or... You could use Ed25519? I disable RSA entirely on my ssh servers now.
-
Stephen Battista (he/him)replied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc if I’m right it takes more qbits to break 4096 RSA than 256 ECC. Now all of this is theoretical as I don’t think that somone is going to use a quantum computer that may only exist in some secret classified project to attempt to reverse my keys to login to one of my boxes.