Phuctor: Researchers broke RSA 4096-bit keys

Two researchers accomplished with an online tool, their own device called Phuctor, to break 6 4096-bit keys of the strongest encryption available from

The cryptosystem RSA uses a public key to encrypt the data from which a private (which should not be shared) for the purposes of decryption is created.

The public key consists of two values, and one of these is the product of the two large prime numbers. If someone discovers this value, they can identify the private key that corresponds to the public.

This basic principle makes RSA encryption very robust as it is quite difficult to identify the product of the two large first numbers.

The tool Phuctor is the result of the collaboration between Stanislav Datskovskiy and Mircea Popescu. It represents a RSA key of the factorization service that determines whether there is a common factor in the coefficients of two different public keys.

The tool uses the Euclidean algorithm to calculate the maximum common divisor of two large numbers, thus finding a common first number for the calculation of the private key.

To describe how powerful RSA encryption is, Popescu said in a blog post that one could "wait for the key to be calculated shortly before Elvis returns as Queen of England."

One of the keys that broke belongs to Peter H. Anvin (also known as the hPa on the internet) is a respected partner of the open source community, and is also one of the Linux core developers.

The key creation date is 22 September 2011, a date that is considered relatively recent by Popescu, although there is a chance it will no longer be used by its owner.rsa

However, although the news sounds rather worrying, there is no error in the RSA encryption system, but how the keys are created.

Hanno Böck, a German independent journalist who last year analyzed server data that contained public keys. The researcher believed that he discovered a very high percentage of vulnerable keys. With a closer analysis, however, he discovered that the cases he encountered were actually defective keys.

Böck reported that anyone can load such a key on a server without any checks being made.

"However, these keys are not a threat to anyone. "The only case where this could be significant would be to use a broken application of the basic OpenPGP protocol that does not check if the subkeys really belong to the master key," he said.

Registration in via Email

Enter your email to subscribe to the email notification service for new posts.

He also added that the insertion of a damaged key into a local GnuPG installation can not be done as the attempt will be rejected because validation of the signature will not pass.

Read them Technology News from all over the world, with the validity of

Follow us on Google News at Google news