rsa已有40多年的历史了，但仍然很棒，可以破解它

I really dislike those CAPTCHA puzzles, and especially when there’s a little bit of a traffic light that you have to select, or where I’m asked to find the crosswalk — in the UK we would call them Zebra crossings, and they don’t look too much like the ones you get in the USA. So I had to smile yesterday, when I logged in to a crypto conference and it give me:

我真的不喜欢这些验证码难题，尤其是当您必须选择一些交通信号灯或被要求在人行横道找到的地方时-在英国，我们将其称为斑马线，而他们没有看起来太像美国了。 所以昨天我登录一个加密货币会议时，我不得不笑了，它给了我：

So, after more than 40 years, RSA is still alive and kicking. In this article I will give you an RSA challenge, and — hopefully — you will be able to crack it and find the rock band:

因此，在40多年后，RSA仍然活着并不断发展。 在本文中，我将向您介绍RSA挑战，并且希望您能够破解并找到摇滚乐队：

Can you find the rock band? 
N=879509040449463763008386484793372267, cipher=850431005415590313843011081245086829

For me. The RSA method is a thing of beauty. For over 40 years it has protected users against cybercrime more than virtually everything else. It is still at the core of PKI, and protects users against fake site, it proves their identities, and it stops other from other spying on their activities. While elliptic curve is beating it in most things, it is still there, and it is still a winner.

为了我。 RSA方法真是太美了。 40多年来，它保护用户免受网络犯罪的侵害比其他任何事情都多。 它仍然是PKI的核心，并保护用户免受假冒网站的侵害，证明其身份，并阻止其他人监视其活动。 尽管椭圆曲线在大多数情况下都胜过它，但它仍然存在，并且仍然是赢家。

认识冠军…… (Meet The Champ …)

In August 1977, The Stranglers were in the charts with “Something Better Change” and something really was changing, and it something that would change the world forever. This was the month that Martin Gardner, in his Scientific American column, posted a challenge of a method that has stood the test of time: RSA.

1977年8月，《扼杀者》以“更好的改变”出现在排行榜中，并且确实发生了变化，它将永远改变世界。 这是马丁·加德纳(Martin Gardner)在《科学美国人》专栏中发表的文章，它对经受了时间考验的方法提出了挑战：RSA。

It related to the work of R(ivest), A(dleman) and S(hamir) and was a puzzle on their discovery of a method which allowed two keys to be created, where one could encrypt, and the other to decrypt. Their work had been based on a proposal from Whitfield Diffie and Martin Hellman on trapdoor functions that could be used to create the key pair.

它与R(ivest)，A(dleman)和S(hamir)的工作有关，这使他们困惑，发现了一种方法，该方法允许创建两个密钥，一个可以加密，另一个可以解密。 他们的工作基于Whitfield Diffie和Martin Hellman关于可用于创建密钥对的活板门功能的建议。

In order to explain the RSA concept, Martin’s provided a background with the Diffie-Hellman method for which he outlined:

为了解释RSA概念，Martin提供了Diffie-Hellman方法的背景知识，他概述了这一点：

Then in 1975 a new kind of cipher was proposed that radically altered the situation by supplying a new definition of “unbreakable.” a definition that comes from the branch of computer science known as complexity theory. These new ciphers are not absolutely unbreakable in the sense of the one-time pad. but in practice they are unbreakable in a much stronger sense than any cipher previously designed for widespread use. In principle these new ciphers can be broken. but only by computer programs that run for millions of years!

然后在1975年提出了一种新的密码，通过提供“牢不可破”的新定义从根本上改变了这种情况。 来自计算机科学分支的定义，称为复杂性理论。 从一次性的意义上讲，这些新密码并不是绝对坚不可摧的。 但是实际上，它们比以前为广泛使用而设计的任何密码都更坚不可摧。 原则上，这些新密码可以被破解。 但只能通过运行数百万年的计算机程序来执行！

Overall the Diffie-Hellman method has had a good run, but it has struggled in recent years to keep up with the processing power for computers, and the millions of years of running are not quite the case in the modern area, and where the original ciphers could now easily be broken with the simplest of computers within minutes.

总体而言，Diffie-Hellman方法运行良好，但近年来一直在努力跟上计算机的处理能力，而在现代地区以及最初的应用中，数百万年的运行情况并非如此。现在，可以在数分钟内用最简单的计算机轻松破解密码。

With the RSA method, Martin Gardner outlined:

通过RSA方法，Martin Gardner概述了：

Their work supported by grants from the NSF and the Office of Naval Research. appears in On Digital Signatures and Public-Key Cryptosystems (Technical Memo 82. April. 1977) issued by the Laboratory for Computer Science Massachusetts Institute of Technology 545 Technology Square. Cambridge Mass. 02139.

他们的工作得到了NSF和海军研究办公室的资助。 出现在麻省理工学院计算机科学实验室545 Technology Square发布的“数字签名和公钥密码系统”(技术备忘录82，1977年4月)上。 剑桥马萨诸塞州02139。

The memorandum is free to anyone who writes Rivest at the above address enclosing a self-addressed. 9-by-12-inch clasp.

该备忘录对任何在上面写有里夫斯特(Rivest)并附有自己地址的人都是免费的。 9 x 12英寸表扣。

On receipt the requesters eventually (it took over four months in many cases) received a precious piece of history:

收到请求者后(在许多情况下，花费了四个月的时间)最终收到了一段宝贵的历史记录：

It seems unbelievable these days, but the original methods were based on two 63-digit prime numbers that would be multiplied to create a 126-digit value:

这些天似乎令人难以置信，但是原始方法基于两个63位素数，这些素数将相乘以创建126位值：

Contrast this with the difficulty of finding the two prime factors of a 125- or 126-digit number obtained by multiplying two 63-digit primes. If the best algorithm known and the fastest of today’s computers were used, Rivest estimates that the running time required would be about 40 quadrillion years’

与此相反，很难找到通过将两个63位质数相乘而获得的125位或126位数字的两个质数因子。 如果使用已知的最佳算法和当今最快的计算机，Rivest估计所需的运行时间约为40万亿年。

A 256-bit number, at its maximum, generates 78-digits [here]:

最多256位数字可生成78位数字[此处]：

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665, 640,564,039,457,584,007,913,129,639,936

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665，640,564,039,457,584,007,913,129,639,936

The 40 quadrillion years has not quite happened, and where 512-bit keys are easily broken in Cloud. If you are interested, here is a 512-bit integer value and which has 148 digits, such as [example]:

40万亿年还没有发生，并且512位密钥在Cloud中很容易被破坏。 如果您有兴趣，这里是一个512位整数值，它有148位数字，例如[ example ]：

13,407,807,929,942,597,099,574,024,998,205,846,127,479,365,820,5 92,393,377,723,561,443,721,764,030,073,546,976,801,874,298,166,9 03,427,690,031,858,186,486,050,853,753,882,811,946,569,946,433,6 49,006,084,096

13,407,807,929,942,597,099,574,024,998,205,846,127,479,365,820,5 92,393,377,723,561,443,721,764,030,073,546,976,801,874,298,166,9 03,427,690,031,858,186,486,050,853,753,882,811,946,569,946,096,03

The search for prime numbers, too, has been progressive since 1977, and by 2014, the world discovered a 17,425,170-digit prime number. The finding of prime numbers make the finding of them in the RSA method must easier.

自1977年以来，对素数的搜索也一直在进行，到2014年，全世界发现了17,425,170位的素数。 质数的发现使得在RSA方法中寻找质数必须更加容易。

So the RSA method has been under attack for years, from both discovering prime numbers and also in factorizing. Along with this computing power has increased massively. If think that 40 years that have passed, and take a quick assumption that computing power doubles every year then we get:

因此，从发现素数和分解来看，RSA方法一直受到攻击。 随着这种计算能力的大大提高。 如果以为已经过去了40年，并且快速假设计算能力每年都翻一番，那么我们得到：

1977 4 Quadrillion Years (4,000,000,000,000,000)
1978 2 Quadrillion Year
1979 1 Quadrillion Year...2015 3,637 years

and if we get an NVIDIA card with 4,000 processors, we take it to less than a year, and we get of few of them today into a cluster, and we crack it within one day! The FREAK vulnerability was actually caused by the limiting of RSA keys, due to US Export controls, to 512-bits [view].

如果我们获得了带有4,000个处理器的NVIDIA卡，我们将其用了不到一年的时间，而今天只有很少的一个卡成为一个集群，我们可以在一天内破解它！ 所述FREAK漏洞实际上是由RSA密钥的限制引起的，由于美国出口控制，以512位[视图]。

The RSA paper has become one of the most cited papers in the whole of computer science — with 22,019 citations [here]:

RSA论文已成为整个计算机科学中被引用次数最多的论文之一，被引证为22,019 [ here ]：

So let’s see if we can crack our RSA cipher puzzle …

因此，让我们看看能否破解RSA密码难题……

RSA的基础 (The basics of RSA)

The basics of RSA is that we have two random prime numbers (p and q) and then create a modulus (N):

RSA的基础是我们有两个随机质数(p和q)，然后创建一个模数(N)：

N=pq

N = pq

Now we calculate PHI:

现在我们计算PHI：

PHI=(p-1)(q-1)

PHI =(p-1)(q-1)

Now we select an encryption key value (e) that does not share a factor with PHI. If we select a low prime number, we should be able to select any value, but the most common value is 65,537. Our encryption key is (e,N), and we encrypt with:

现在，我们选择与PHI不共享因子的加密密钥值(e)。 如果选择低质数，则应该可以选择任何值，但是最常见的值是65537。 我们的加密密钥为(e，N)，我们使用以下方法加密：

M^e (mod N)

M ^ e(mod N)

To calculate our decryption key value (d) we find:

要计算我们的解密密钥值(d)，我们发现：

d . e (mod PHI) = 1

d。 e(mod PHI)= 1

The value of d can be found with the inverse of e mod N. The code to perform the decryption once we know the cipher value (c), p and q [here]:

可以通过e mod N的倒数找到d的值。一旦知道密码值(c)，p和q [此处]，执行解密的代码：

https://asecuritysite.com/encryption/rsa12_2
from Crypto.Util.number import long_to_bytes
import libnum
import sys

p=954354002755510667
q=801297755486859913
c=607778777406675887172756406181993732
#N=764721720347891218098402268606191971


n = p*q
PHI=(p-1)*(q-1)

e=65537
d=(libnum.invmod(e, PHI))


res=pow(c,d, n)

print ("Cipher: ",c)
print ("p: ",p)
print ("q: ",q)

print ("\n=== Calc ===")
print ("d=",d)
print ("n=",n)
print ("Decrypt: %s" % ((long_to_bytes(res))))

So the challenge is to factor the value of N, and if we have used relatively small prime numbers — such as below 128 bits — we can easily factorize N, in p and q, and then decrypt the cipher.

因此，挑战在于分解N的值，如果我们使用了相对较小的质数(例如，低于128位)，则可以轻松分解p和q中的N，然后解密密码。

If we get a challenge of:

如果我们面临以下挑战：

Can you find the city in England? N=826382916071823972711332001902568877 cipher=511617430183577168370958189976920833

We can use a factorization program [factor] to factorize N:

我们可以使用分解程序[ factor ]分解N：

Next we can just copy-and-paste our values:

接下来，我们可以复制并粘贴我们的值：

And, our cipher becomes “york”.

而且，我们的密码变成“约克”。

结论 (Conclusions)

I live and work in a beautiful city — Edinburgh — but for me, the RSA method is just as beautiful.

我在一个美丽的城市-爱丁堡生活和工作，但是对我来说，RSA方法同样漂亮。

So what is the rock band?

那么什么是摇滚乐队？

N=879509040449463763008386484793372267, cipher=850431005415590313843011081245086829

翻译自: https://medium.com/asecuritysite-when-bob-met-alice/rsa-over-40-years-old-and-still-amazing-lets-crack-it-6eaf279326c3