The cryptosystem RSA uses a public key to encrypt the data from which a private (which should not be shared) for the purposes of decryption is created.
The public key consists of two values, and one of these is the product of the two large prime numbers. If someone discovers this value, they can identify the private key that corresponds to the public.
This basic principle makes RSA encryption very robust as it is quite difficult to identify the product of the two large first numbers.
The tool Phuctor is the result of the collaboration between Stanislav Datskovskiy and Mircea Popescu. It represents a RSA key of the factorization service that determines whether there is a common factor in the coefficients of two different public keys.
The tool uses the Euclidean algorithm to calculate the maximum common divisor of two large numbers, thus finding a common first number for the calculation of the private key.
To describe how powerful RSA encryption is, Popescu said in a blog post that one could "wait for the key to be calculated shortly before Elvis returns as Queen of England."
One of the keys that broke belongs to Peter H. Anvin (also known as the hPa on the internet) is a respected partner of the open source community, and is also one of the Linux core developers.
However, although the news sounds rather worrying, there is no error in the RSA encryption system, but how the keys are created.
Hanno Böck, a German independent journalist who last year analyzed server data that contained public keys. The researcher believed that he discovered a very high percentage of vulnerable keys. With a closer analysis, however, he discovered that the cases he encountered were actually defective keys.
Böck reported that anyone can load such a key on a server without any checks being made.
"However, these keys are not a threat to anyone. "The only case where this could be significant would be to use a broken application of the basic OpenPGP protocol that does not check if the subkeys really belong to the master key," he said.
Registration in iGuRu.gr via Email
He also added that the insertion of a damaged key into a local GnuPG installation can not be done as the attempt will be rejected because validation of the signature will not pass.