undefined | Better HN

0 pointsupofadown2y ago0 comments

Well, sure, but the alternatives are more complex and harder to get right. You can literally just pick two random numbers of the right magnitude, find the closest primes, and be good for RSA.

My comments on "Seriously, stop using RSA":

* https://articles.59.ca/doku.php?id=pgpfan:rsabad

0 comments

tptacek2y ago

No, the alternatives are less complex, and easier to get right.

Further: the article you linked to describes the attack we are talking about right now on this thread, a fully remote fault attack that harvested keys off random SSH servers on the Internet, as "a completely theoretical hardware attack". (Narrator: it was not; further, this is that "completely theoretical" attack in its most difficult setting.)

upofadownOP2y ago

The attack I linked to discussed completely theoretical attacks. No examples were provided. The attack we are commenting on does provide an example.

In context it it obvious that I was addressing the contention that the paper I linked to had something to do with an implementation error.

tptacek2y ago

Yes, examples of the attack you dismissed. And you cited it as evidence on this thread about that attack. It's just very funny, is all.

1 more reply

j / k navigate · click thread line to collapse

0 pointsupofadown2y ago0 comments

Well, sure, but the alternatives are more complex and harder to get right. You can literally just pick two random numbers of the right magnitude, find the closest primes, and be good for RSA.

My comments on "Seriously, stop using RSA":

* https://articles.59.ca/doku.php?id=pgpfan:rsabad

0 comments

tptacek2y ago

No, the alternatives are less complex, and easier to get right.

upofadownOP2y ago

The attack I linked to discussed completely theoretical attacks. No examples were provided. The attack we are commenting on does provide an example.

In context it it obvious that I was addressing the contention that the paper I linked to had something to do with an implementation error.

tptacek2y ago

Yes, examples of the attack you dismissed. And you cited it as evidence on this thread about that attack. It's just very funny, is all.

1 more reply

j / k navigate · click thread line to collapse