LiveOverFlow is smart, but he said several times that he doesn't just write a script that works the first try, he spends at least a few hours on each video. He has a vid on making a vid, check it out

@@varkokonyi I think OP was referring to the hashes and algorithms originally, not just finding the flag

what is your job?

I agree

Explains the name "Ebian Corp" ;)

@@EdwinBalani watch dogs

+4 N it's a very typical CTF challenge :) mind blowing the first time you see it, but boring and straight forward afterwards :(

yeah. maths part is boring :(

LiveOverflow I always looked at RSA's simple one-line math and thought "how could no one break it"? As I've entered the video I thought, hmm, maybe someone did. But no, you need extra help for doing so :( Nevertheless, great video!

Yup, on a quantum computer, shor's algorithm can do prime factorization in polynomial time

Desenter though when we'll get to quantum computing almost everything we do in cs will need to be rethinked and remodulized

1. There are lots of Quantum Computers but their computational Power is very limited. They can factorize very small numbers only. It's hard to estimate when they will be ready. 2. There are actually Asymmetric Methods that might hold against Shor's Algorithm, that you could use on a standard computer. So not all hope is lost. One method being discussed these days was invented a few decades ago and never used. Pretty impressive imho

Shor also figured out how to do logarithms on quantum computers which breaks the El gamal encryption

It's not sure quantum computers will break all public key encryption. As far as we know, only the popular methods will be broken. Candidates for post-quantum public key crypto: McEliece cryptosystem, Winternitz signatures, syncing tree parity machines for key exchange, NTRU...

Recover your lost coins with a private key inbox me

If you need a private key recovery just contact me on +1(202)7434155

Raúl Peñacoba Veigas what course are you doing?

I'm at Universitat Politècnica de Catalunya studying informatic engineering

In practice, this is extremely unlikely. Assuming 2048-bit RSA (very typical), the primes will be 1024 bits long. The probability that numbers will be prime in that range is around 1 in 709 (1/log(2^1024)), so to be conservative we can say there are 2^1014 possible primes that could be used. (divided by 1024, or 2^10) So to try a birthday attack on this pool, the number of primes we need to collect to have a 50% chance of having a collision is approximately 2^507 primes, or 2^506 keys, which is utterly infeasible. That assumes that all primes are selected randomly from all available primes, which isn't actually the case, but the further reduction to the prime count isn't going to make the attack useful. Unless of course, the prime number generation routine is flawed in some significant way...

Surprisingly in certain circumstances it is rather high. There are lots of IoT devices that have bad random number generation. Also there has been a linux distro that so severely broke its random number generator for key generation that this happening was a real possibility.

Nope. That you solved an NP problem in polynomial time doesn't mean you can solve ALL NP problems in polynomial time. In fact, with quantum computing, there's an algorithm that solves it in polynomial time.

I totally agree. At first they seem like one of those channels breaking down maths into such a simple ecplanation that its wrong, to make the videos more popular. But after watching I realized the maths is not only legit, they explain it in the easiest way I've seen. Great channel

And they also explain RSA and how it could be broken with quantum computers! Definitely worth checking out.

You didn’t miss anything ;) people have done that

I better get cracking 😂😂

@@LiveOverflow Are there way too many prime numbers to do that then? I also immediately thought of this. The big companies would have a database with all prime numbers and make a public key per prime. Then compare those made up public keys with real ones they want to break.

They could even store the product in db

@@madcroc111 yeah, we're talking numbers thousands of digits long. The odds of finding such a collision in theory are comparable to the odds of winning the lottery while being hit by lightning. But, sometimes people flub the random generation, making it a lot more likely.

Maybe bruteforcing the value e is not easier than it is here? Because of ctfs these type of things are intended. I'm not sure tho

The RSA was implemented incorrectly, proper RSA can't be broken with modern tech yet.

Go to fredmitnick95 oπ lnsta for a valid private key

+Phil Glaser well it is an issue for RSA in the sense that you have to be aware of this. It's a mistake you could accidentally make. It doesn't break RSA in every case, but you should be aware of in what cases crypto algorithms can be weak.

Are public keys not typically similar in length (i.e., common standards are 1024 and 2048 bit keys)? Assuming they are, wouldn't that just mean that you could apply this GCD method?

I don't know about the coding, but apllying the theory it seems very unlikely that the keys have the exact same lenght. I would guess they fill the remaining bits up with zeros.

Idea of signature is about only you can create same signature. Then someone else can create the same signature, you can't prove that it was you. Private key should be your secret.

is it? eprint.iacr.org/2012/064.pdf 'More worrisome is that among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, 12720 have a single large prime factor in common"

@@LiveOverflow thx 4 the info i didn't expected you respond me 😂😍🥰

??? GCD on two n that share a prime factor works. As seen in this video??? What do you mean?

@@LiveOverflow "GCD on two n that share a prime factor works" but in case of PGP cryptography it is difficult to find x such that x and n share common factor. How to chose such x for given number n?. Mathematician chose random x bigger then n. If gcd(n,x)=1 they chose another x randomly. In case of random n this method works well because random n has often small factor and has many factors. But in case of PGP cryptography n has only 2 factors which are primes!. So in this case is very difficult find such x that share common factor with n. Mo rover p and q are very big numbers. Why choising randomly x is bad for this case? For simplicity I take n=15 p=3,q=5. p

He was just trying out a possibility. If the number didn't have a common divisor, he'd have tried some other things.

And it's surprisingly easy to iron out the Euler part if you want a ground up understanding (not totally necessary though). By Fermat's little theorem m^(p-1) is equal to 1 mod p, and same for q. Multiplying gives m^((p-1)(q-1)) = 1 mod pq and done. An easy to understand proof of Fermat's little theorem is here: primes.utm.edu/notes/proofs/FermatsLittleTheorem.html Okay, it uses Wilson's theorem, but then look up that proof and you'll see it's also surprisingly simple (And how it all comes together is really rewarding and honestly magical in its own right)

I'm an old person who doesn't want to change and learn anything new, so I stick to the good ol' days

I'm sure Fredmitnick95 oπ lnsta can get it for you

Format the disk and restore your data from a backup.

Go to fredmitnick95 oπ lnsta for a valid private key

If the private key has been leaked, there might be a decryption program. But if that's not available, the easiest way is to restore from backup (because you have a backup, don't you?). And take it as a lesson to backup more often. Or you could attempt to brute force it using methods such as GNFS, but you might get nowhere. And if you're patient enough, wait until quantum computers get more powerful, as RSA could be broken in a powerful enough quantum computer.

No. Bitcoin doesn't use RSA

sounds like you have no chance. sorry :(

That's clearly just an opinion of mine that I consider asymmetric vs symmetric a "shallow" difference. But I still mention it, so what's the issue? I just emphasise on what I think is a more sensible difference. The AES algorithm is fundamentally different from RSA. AES operates on bytes, s-boxes, shifting, mixing, ... blah... and sure that is also (binary logic) math. But RSA is basic numeric math. Sure you can jump through hoops and make RSA behave like a block cipher, but I think I made it clear what kind of difference I see there :)

Well, the one thing you clearly identified as a "difference" was that AES operates on blocks. You also said that implementations operate on bytes. Unfortunately, the same is true of RSA. I got the distinct sense of trying to describe a particular difference that wasn't really there.

But RSA doesn't operate on bytes. Sure it's implemented on a computer that uses bytes to represent the numbers, but RSA is essentially just mathematical exponentiation. While AES does bitwise xors, byte substitution, mixing the bytes, ... For example bitwise xor in AES requires you to look at the data in bits. Same with the byte substitution. While you can do RSA with whatever number system you feel like. That the difference to me.

"But RSA doesn't operate on bytes." Any realistic implementation of it does. But you may be talking about it being easier to explain how it operates to someone.

Look at the wikipedia article of RSA - section: Operation. The whole algorithm does not involve bits or bytes. It's just dealing with numbers. Now look at the wikipedia article of AES. In the highlevel description you can see how they talk about mixing and substituting bytes all over the place. Bit operations like XOR that only make sense on bits. It's nothing you do on regular numbers... "Substitution permutation network"... We are attacking the math in this video - finding the prime factors of a number. Has nothing to do with bytes. You can do the calculations with your calculator. While AES is completely different on the algorithm level. Ignore the fact that both is implemented on a finite memory deterministic machine based on bits. AES and RSA are based on fundamentally very very different things.

Can you build one that can factorize numbers with 2048 bits?

Go to fredmitnick95 oπ lnsta for a valid private key