Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-18-2007, 18:46
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Question on PKE

Hi all,
today I downloaded the EDGE release of R-Studio 4.0 and discovered that, unlikely previous releases of cracks and keygens for this software, aimed primarily to change the internal public key, the EDGE keygen creates a fully working key.

If I analyze the keygen i find 2 costants of nearly 1024 bits.

So here is the question: Is it a mistake in the implementation by R-Studio that made the algorithm vulnerable, or can RSA (It should be that) 1024 be keygenned?
Reply With Quote
  #2  
Old 09-18-2007, 23:08
bLaCk-eye bLaCk-eye is offline
Friend
 
Join Date: Aug 2004
Posts: 32
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
bLaCk-eye Reputation: 0
Very probable that there is a mistake in the implementation or a weakness somewhere.
If RSA-1024 got broken i'm sure we would see it in the papers, unless EDGE guys know something that we don't :P.

Nice release anyway
Reply With Quote
  #3  
Old 09-19-2007, 07:36
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
The display in the Keygen states it "involved the factoring of a 512 bit RSA key" so that should end any speculation they may have "cracked' a RSA-1024 bit key. This is not to diminish their accomplishment, only to end the "speculation" about what they have accomplished.

Regards,
__________________
JMI
Reply With Quote
  #4  
Old 09-19-2007, 19:10
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
I'm wondering on how much time can take a project like that...I mean...factoring 525bit RSA Key...months? A year?
Reply With Quote
  #5  
Old 09-19-2007, 21:27
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
TmC:

You are correct. I mis-read the Keygens display that actually says "525 bit RSA Key", rather than "512 RSA Key" as I reported in my post above. The NFO states: RSA-525 factored in 2 weeks, no patching, no cheating

This is the same claim EDGE made in their releases of their "keygen" for various earlier versions of this same software, going back several months. The ONLY problem is, and the probable cause for my misreading, is there appears to be no public reference to a RSA-525 standard except in their releases related to this software, while there is, indeed, a well known RSA-512 standard for public key encryption.

Even the SHA hash functions, which stands for Secure Hash Algorithm, and its five algorithms, denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, has no "public" SHA-525 standard. SHA-224, SHA-256, SHA-384, and SHA-512 are sometimes collectively referred to as SHA-2. SHA-1 produces a message digest that is 160 bits long; the number in the other four algorithms' names denote the bit length of the digest they produce.

Maybe a member of EDGE is a member here and can enlighten us on what they actually mean by: PROTECTION ....... RSA-525.

Regards,
__________________
JMI
Reply With Quote
  #6  
Old 09-19-2007, 21:48
tofu-sensei tofu-sensei is offline
Friend
 
Join Date: Jul 2004
Posts: 113
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 1
Thanks Rcvd at 24 Times in 13 Posts
tofu-sensei Reputation: 15
edge.nfo
Code:
  RSA FACTORING DETAILS
   The (c158) key was factored using the GNFS.
   Special care was taken in the choice of a good polynomial, so a
   substantial CPU power was spent in this step.
   Using a factor base with bound 30*10^6 (on both rational and algebraic
   side), we lattice sieved most special-q from 30*10^6 to 120*10^6.
   Large primes up to 2^32 were allowed. The sieving region was 16384x8192.
   Finally 111166072 relations were produced. After filtering and
   reduction, we obtained a matrix of 5834788x5835036 of weight
   435572936.
   After finding the matrix's nullspace, 37 dependencies were found.
   This was done using a parallel Block-Lanczos implementation.
   Computing the square roots took about a couple of hours per dependency.
   Finally, on the 1st dependency a non-trivial factorization was
   obtained, yielding two p79 factors. These are:
   96859774968738100242749024031422454403737620189568319581559767450468778
   34947331
   and
   97612888871279422460170795622468505446565299697129772078285299016368621
   44931893
   Calendar time for the factorization was about 2 weeks, including
   polynomial selection.
Attached Images
File Type: png edge.png (6.0 KB, 14 views)
Reply With Quote
  #7  
Old 09-19-2007, 22:14
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
Thanks tofu-sensei.

I saw this in the nfo also, however, it doesn't really explain the reference to RSA-525. I have seen one references to RSA-576 for example in:

http://www.crypto-world.com/FactorRecords.html

Part of what is "strange" about it is that this articles description of RSA-576 involves "only" 174 digits, while all the other "general purpose factoring records" which involve "RSA" designations the combination equals the number of digits used. For example, from the article, RSA-200 involved "200" digits, while RSA-576 involved only "174".

Although we have some real crypto experts on the Woodmann RCE Forum, I'm certainly not one of them, and just do general reading on the subject, which explains my familiarity with RSA-512.

Regards,
__________________
JMI
Reply With Quote
  #8  
Old 09-19-2007, 23:03
tofu-sensei tofu-sensei is offline
Friend
 
Join Date: Jul 2004
Posts: 113
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 1
Thanks Rcvd at 24 Times in 13 Posts
tofu-sensei Reputation: 15
RSA-xxx are names given to certain "challenge numbers" by RSA Labs, sometimes referring to the number of bits, sometimes to the number of digits.
EDGE are simply saying they factored a 525-bit number.
Reply With Quote
  #9  
Old 09-19-2007, 23:59
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
That's also what I "assumed" from the NFO, which, however, leaves me wondering about the RSA-576 reference I mentioned above, which involved only "174" digits, rather than 576 bits. Sort of seems like the protection might more correctly be called a "525 bit key", rather that RSA-525, but again, I am no expert in this field and never liked "math" very much.

Regards,
__________________
JMI
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VS 6 question(s)... newguy General Discussion 9 04-22-2004 19:49
Question to JMI Rhodium General Discussion 1 02-20-2004 06:16
Question about Ds 3.0 ysco General Discussion 7 09-01-2003 09:32


All times are GMT +8. The time now is 10:13.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )