Pinoy math enthusiast finds fast way to decode RSA encryption

[William Knowles <wk () C4I ORG>]

http://www.mb.com.ph/INFO/2001-02/IT020201.asp

[How truthful this is is anyones guess, But I have a feeling we all
will being hearing about Leo de Velez in the days and weeks to come,
and I can only imagine what will happen to the whole computer
security world if this is as easy and simple as he claims.  - WK]

By EDU H. LOPEZ
Friday, 2 February 2001

A Filipino mathematics enthusiast has developed a new method of
decoding RSA (RivestShamir-Adleman) encryption using three simple
formulas.

Leo de Velez has discovered these three formulas are simple forward
equations that allow fast decoding of RSA encryption.

RSA is an Internet encryption and authentication system that uses an
algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard
Adleman.

The RSA algorithm is the most commonly used encryption and
authentication algorithm and is included as part of the Web browser
from Netscape and Microsoft.

It's also part of Lotus Notes, Intuit's Quicken, and many other
products. The encryption system is owned by RSA Security. The company
licenses the algorithm technologies and also sells development kits.

The technologies are part of existing or proposed Web, Internet, and
computing standards.

Here's how the RSA system works. The mathematical details of the
algorithm used in obtaining the public and private keys are available
at the RSA Web site.

Briefly, the algorithm involves multiplying two large prime numbers (a
prime number is a number divisible only by that number and through
additional operations deriving a set of two numbers that constitutes
the public key and another set that is the private key.

Once the keys have been developed, the original prime numbers are no
longer important and can be discarded.

Both the public and the private keys are needed for
encryption/decryption but only the owner of a private key ever needs
to know it.

Using the RSA system, the private key never needs to be sent across
the Internet. The private key is used to decrypt text that has been
encrypted with the public key.

Thus, if I send you a message, I can find out your public key (but not
your private key) from a central administrator and encrypt a message
to you using your public key.

When you receive it, you decrypt it with your private key. In addition
to encrypting messages (which ensures privacy), you can authenticate
yourself to me (so I know that it is really you who sent the message)
by using your private key to encrypt a digital certificate. When I
receive it, I can use your public key to decrypt it.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".