undefined | Better HN

0 pointsmSparks9y ago0 comments

since im not in the market for downvoting. ill just say.

eh.

RSA is a simple formula. takes a bit of fiddling and skill to get BigIntegers working. but anyone who passed highschool algebra could roll their own. in fact many high schools even set it as homework.

timing attacks you say. erm, not remotely connected.

0 comments

munin9y ago

If you implement RSA from the textbook, as a simple formula, you'll leave yourself vulnerable to padding based attacks that can recover the private key. It turns out that though the formulas are straightforward and the math can be explained after a decent undergraduate education, the implementation is still very subtle.

mSparksOP9y ago

padding attacks are only really related to encrypting data not sharing the product of two very large primes. You clearly havent got the faintest idea what you are talking about.

Rather than putting the rest of us at risk by putting zero value on the security of anything you make and guessing someone [a spook] will do it for you, why dont you recommend everyone takes some time out to at least learn the basics.

Yes, there are several "mines" you need to be wary of.

But they all pale into insignificance compared to linking openssl and thinking you are done.

kaoD9y ago

> timing attacks you say. erm, not remotely connected.

Fine, I'll trust your overwhelming evidence instead of the many timing attacks described against RSA implementations.

mSparksOP9y ago

All those attacks are "theoretical". As opposed to actually having been usefull in the wild - FUD (heartbleed otoh.....).

padding -> irrelevent to an RSA public key, everyone has to know the exact modulus and product, even the bad guys (although I recommend keeping public keys relatively secret)

timing -> irrelevent to an RSA public key, there is nothing you can get from how long it takes to decrypt or encrypt even 1024 bits of data (which is more than most impliementations even send), sometimes the exact same data will take 1ms, sometimes 100ms, it depends what else the machine is doing at the time.

j / k navigate · click thread line to collapse

0 comments

munin9y ago

mSparksOP9y ago

padding attacks are only really related to encrypting data not sharing the product of two very large primes. You clearly havent got the faintest idea what you are talking about.

Yes, there are several "mines" you need to be wary of.

But they all pale into insignificance compared to linking openssl and thinking you are done.

kaoD9y ago

> timing attacks you say. erm, not remotely connected.

Fine, I'll trust your overwhelming evidence instead of the many timing attacks described against RSA implementations.

mSparksOP9y ago

All those attacks are "theoretical". As opposed to actually having been usefull in the wild - FUD (heartbleed otoh.....).

padding -> irrelevent to an RSA public key, everyone has to know the exact modulus and product, even the bad guys (although I recommend keeping public keys relatively secret)

j / k navigate · click thread line to collapse