Breaking RSA - Computerphile

Can someone give a proper intuitive explanation for this? I just tried it myself, randomising the last 512 bits and it found the result in the first step of ceil(sqrt(n)). How can it pinpoint to the solution so easily.

Interesting that you only have <d> in the private key, all the reference implementations I've found (and the one ChatGPT spat out) all have a two-part private key, made of (<n>, <d>) and also using both…

Why is 65537 the best integer?

please make a cryptography playlist of Dr. Mike Pound videos

You explained very well for a person that doesn't know anything about math

Not sure if anyone has mentioned this, but I love how you've repurposed continuous feed (dot matrix) paper! Also, your writing is so clean and legible, which makes it perfect for this application!

Whilst it is true in practical terms, as any odd number can indeed be written as a2-b2, if N is divisible by 2 and not 4 (6 = 3 * 2, or 14 = 7 * 2), the statement that "any composite number N can be written as the difference of two square numbers" is not true. Again, in the case of RSA, this is a non issue since for this not to work, p or q must be 2 (the only even prime), which is obviously a terrible idea.

A side note - any modulo with a prime base creates a group under multiplication, which is why you mentioned finding the inverse of phi_n - I think this is an awesome example of pure maths such as group theory actually being used in action! :)

Awesome video, however u cant apply this formula u made (N = a² - b²) for all cases... just the one you picked ;)

Wow! There should be some software that confirms a public key is strong.... I'm guessing this already exists.

so the lesson here is to mind your Ps and Qs

That dot matrix printer paper though.

"I'm not a genius, it just wasn't difficult". I'm using this

Definitely stealing this method for CTFs. I've been using a number field sieve to factor low-bit modulo numbers. This is awesome!

The good news is since getting the weak primes out of the keys is so trivial, it's equally trivial to make a test at key creation and just reject the keys and start over.

So. How is openssl generating p, q?

plz ! i hope you make a video about chacha20/xchacha20 cipher with more details !!

put your key away, waltuh; I don't wanna exchange with you, waltuh;

Not good tutorial. Don’t explain how to break internet.

When I started following Numberphile I couldn't understand what was all the fuss about with the primes. Then I started following computerphile and it slowly started to make sense.

Thanks Peter Parker

I thought it was Elijah Wood explaining rsa

Fermat is pronounced "Fer-mah"

Wow YT video compression hates ur sweater.

that is so clever! omg

Protect this man at all costs.

I don't understand one thing though, 1 mod anything is always 1 right? So what's the point of writing 1 mod (euler totient (n))?

How do we know if our RSA implementation avoids this? Could NSA sneak something in that causes this weakness?

Generate the primes.... do this test to 100 iterations. if it fails throw them out, if it passes keep them. ???

This is exactly the reason why one must never implement cryptographic algorithms as they are explained in textbooks. They lack all these real world tweaks which are necessary to prevent very specialized attacks for specific cases.

There even have been smartphone apps in the past (sorry for not remembering the names - they were short lived), where cryptographers essentially criticized exactly that: It was a textbook implementation which does not hold up against real world scenarios, resulting from specific hardware, bad random number generators, limited memory, similar user mindsets, etc...

Very nice! A video with a practical example! Not only dry theory as most of your videos.

Common factor attack: Given two private keys n1 = p * q1, n2 = p * q2, using the same p, then p = gcd(n1, n2), which is easy to compute with Euclid's algorithm, then q = n / p.

This actually happened for a large number of public keys in the wild, that had been generated using a faulty prime number generator. This finding was revealed in a paper from February 2012.

I have no idea what he’s talking about but I can’t stop watching

The hilarious part is that, unless it was some clever editing, it took longer to verify that p and q were primes than it did to derive them.

clickbait title.

This demo program would have better when it also printed the number of iterations needed.

I tried many ways, I even modified my iptables rules, firewall restrictions, and all the possible ways, but still I cant get reverse shell. Netcat doesn't listen to my reverse shell, so I stucked in the root me room for more than a week. I need help, please anyone suggest me any ideas to overcome this.

Hence P = NP

I cannot watch another second while that marker is making those sounds on that paper. An annoying phobia of mine, don't know why. Even though I really want to watch this well explained, super interesting video.

Is it time to go back to the one time pad, but that of course depends on truly random numbers……

How fast could you calculate 'd' (public key) when using optimized code for QBit Processor? Even when 'p' and 'q' are "difficult" numbers?

please post more computerphile. I find my computer science classes incredibly boring, but these videos I cant stop watching. Makes me love computers!

When you realize it's a coding thing and not about RSA (Republic of South Africa)