Submitted via IRC for Bytram
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event
On September 19, in a conference room at the Pelican Hill Resort in Newport Beach, California, Crown Sterling CEO Robert Grant, COO Joseph Hopkins, and a pair of programmers staged a demonstration of Grant's claimed cryptography-cracking algorithm. Before an audience that a Crown Sterling spokesperson described as "approximately 100 academics and business professionals," Grant and Hopkins had their minions generate two pairs of 256-bit RSA encryption keys and then derive the prime numbers used to generate them from the public key in about 50 seconds.
In a phone interview with Ars Technica today, Grant said the video was filmed during a "business session" at the event. The "academic" presentation, which went into the math behind his claims and a new paper yet to be published, was attended by "mostly people from local colleges," Hopkins said. Grant said that he didn't know who attended both sessions, and the CEO added that he didn't have access to the invitation list.
During the presentation, Grant called out to Chris Novak, the global director of Verizon Enterprise Solutions' Threat Research Advisory Center, naming him as a member of Crown Sterling's advisory board. The shout-out was during introductory remarks that Grant made about a survey of chief information security officers that the company had conducted. The survey found only 3% had an understanding of the fundamental math behind encryption.
The video of the demonstration is here. (The video was briefly marked as private, but is now back again.) The demo was displayed from a MacBook Pro, but it appeared that it was being run in part via a secure shell session to a server. Grant claimed that the work could be used to "decrypt" a 512-bit RSA key in "as little as five hours" using what Grant described as "standard computing."
The demonstration only raises more skepticism about Grant's work and about Crown Sterling's main thrust—an encryption product called Time AI that Grant claims will use the time signature of AI-generated music to generate "quantum-entangled" keys. Grant's efforts to show how weak long-cracked versions of RSA are were met with what can only be described as derision by a number of cryptography and security experts.
Mark Carney, a PhD candidate at the University of Leeds, used Msieve, a well-established factoring method, on his laptop. Carney cracked compound numbers larger than RSA keys into primes in about 20 seconds. "These [were] not 256-bit keys, just larger-than 256-bit numbers," he explained, but "these are using standard quadratic sieve methods. So long as I haven't messed this preliminary test up too much, this is un-optimized Msieve out-performing Crown Sterling's algorithm by roughly 50 percent."
Henryk Plötz, a computer scientist in Berlin, ran a test of his own, with similar results:
"Well, this is Sagemath on my Ultrabook (X1 Carbon 2017). I'm assuming the default implementation is single-threaded. So, "50 seconds" is exactly the expected performance on a 4-core laptop." pic.twitter.com/2WlvZaR0vk
Henryk Plötz (@henrykploetz), September 20, 2019
Related: Claim: SHA-256 has been Broken
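Why factoring a short RSA modulus is unremarkable, as an added example that is not from the article or from anyone quoted in it: a scaled-down sketch that factors a constructed modulus of about 63 bits with Pollard's rho (a textbook method, not the quadratic sieve that Msieve uses for 256-bit inputs) and then rebuilds the private exponent from the factors. The primes, the exponent, and all function names are assumptions chosen for illustration.

```python
from math import gcd

# Constructed toy key (assumption, not from the article): two well-known
# primes, 2^31 - 1 and 2^32 - 5, giving a modulus of about 63 bits.
P, Q, E = 2**31 - 1, 2**32 - 5, 65537
N = P * Q


def pollard_rho(n):
    """Return a non-trivial factor of composite n (Floyd cycle detection)."""
    if n % 2 == 0:
        return 2
    for c in range(1, 50):          # retry with a new polynomial on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n     # tortoise: one step
            y = (y * y + c) % n     # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:                  # d == n means the walk cycled; try next c
            return d
    raise ValueError("no factor found")


def recover_private_key(n, e):
    """Factor n, then derive the RSA private exponent d from p and q."""
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # modular inverse (Python 3.8+)
    return d, min(p, q), max(p, q)


def demo():
    """Encrypt with the public key only, then decrypt with the recovered key."""
    message = 0x5EC2E7              # constructed sample plaintext, < N
    ciphertext = pow(message, E, N)
    d, p, q = recover_private_key(N, E)
    return pow(ciphertext, d, N) == message, p, q


if __name__ == "__main__":
    ok, p, q = demo()
    print(f"{N.bit_length()}-bit modulus = {p} * {q}; decrypt ok: {ok}")
```

Rho's running time grows with the square root of the smaller prime, so it does not scale to 256-bit moduli; those fall to sieve methods such as the ones Carney and Plötz ran.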
(Score: 2) by JoeMerchant on Monday September 23 2019, @02:47PM
Now, three decades later, the only thing that I truly took away from that course is: asymmetric encryption using public/private key pairs is a thing. Which, I suppose, is not a total waste of three credit hours.
If I were to do anything that really "mattered" with encryption, I'd self-study the source material until a clear picture came through - not an "oh, I can barely see how to make this look like it's working" level of understanding, which - to be honest - is better than average in most of the field, but an actual: "here are the available parameters and this is what happens as you adjust them..."
Since I mostly just dabble with crypto-tech as thought exercise / hobby, my favorite implementation is: algorithm X - insert whatever is appropriate, and make sure your coding / data designs can handle changing X to Y to Z without a major rewrite. This, too, seems beyond many of the "serious" implementations out there...