Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [rsa]

An asymmetric (e.g. public-key) cryptosystem, based on modular exponentiation with big exponents and modulus. RSA can be used both for signature and encryption with proper paddings.

RSA is named after its inventors Ronald L. Rivest, Adi Shamir, and Leonard Adleman.

The security of RSA depends on the hardness to factor big numbers (e.g. the public key) into its prime factors (to derive the private key) and RSA problem.

2845 questions
182
votes
4 answers

Why is elliptic curve cryptography not widely used, compared to RSA?

I recently ran across elliptic curve crypto-systems: An Introduction to the Theory of Elliptic Curves (Brown University) Elliptic Curve Cryptography (Wikipedia) Performance analysis of identity management in the Session Initiation Protocol (SIP)…
Vineet Menon
  • 2,025
  • 3
  • 14
  • 10
147
votes
1 answer

Why does my SSH private key still work after changing some bytes in the file?

I (for a test) just randomly altered a private RSA key by opening it up in Vim and changing a few bytes. It is the private part of an SSH key pair used for logging in on a remote system. Puzzlingly, it still allows me to login. I did some research…
PhilPotter1987
  • 1,093
  • 2
  • 8
  • 6
132
votes
7 answers

How big an RSA key is considered secure today?

I think 1024 bit RSA keys were considered secure ~5 years ago, but I assume that's not true anymore. Can 2048 or 4096 keys still be relied upon, or have we gained too much computing power in the meanwhile? Edit: Lets assume an appropriate padding…
Inaimathi
  • 1,587
  • 3
  • 11
  • 15
101
votes
6 answers

How can I generate large prime numbers for RSA?

What is the currently industry-standard algorithm used to generate large prime numbers to be used in RSA encryption? I'm aware that I can find any number of articles on the Internet that explain how the RSA algorithm works to encrypt and decrypt…
Lukman
  • 1,417
  • 2
  • 14
  • 11
98
votes
3 answers

How does RSA signature verification work?

I understand how the RSA algorithm works for encryption and decryption purposes but I don't get how signing is done. Here's what I (think) I know and is common practice: If I have a message that I want to sign, I don't sign the message itself but I…
Krumelur
  • 1,205
  • 2
  • 11
  • 8
98
votes
4 answers

Does Schnorr's 2021 factoring method show that the RSA cryptosystem is not secure?

Claus Peter Schnorr recently posted a 12-page factoring method by SVP algorithms. Is it correct? It says that the algorithm factors integers $N \approx 2^{400}$ and $N \approx 2^{800}$ by $4.2 \cdot 10^{9}$ and $8.4 \cdot 10^{10}$ arithmetic…
Blanco
  • 1,632
  • 1
  • 11
  • 20
83
votes
7 answers

How are primes generated for RSA?

As I understand it, the RSA algorithm is based on finding two large primes (p and q) and multiplying them. The security aspect is based on the fact that it's difficult to factor it back into p and q. Now, since RSA keys are so large (often 1024 bits…
Vilx-
  • 1,247
  • 1
  • 9
  • 14
80
votes
3 answers

Impacts of not using RSA exponent of 65537

This RFC says the RSA Exponent should be 65537. Why is that number recommended and what are the theoretical and practical impacts & risks of making that number higher or lower? What are the impacts of making that value a non-Fermat number, or…
makerofthings7
  • 2,631
  • 1
  • 22
  • 37
78
votes
1 answer

Can you explain Bleichenbacher's CCA attack on PKCS#1 v1.5?

I've studied that the Bleichenbacher's CCA attack on PKCS#1 v1.5. is a base to many versions of attacks in the area. I'm trying to understand that attack, but every explanation I saw starts with the technical details, without giving some overview,…
Bush
  • 2,160
  • 3
  • 18
  • 27
72
votes
4 answers

How can I use asymmetric encryption, such as RSA, to encrypt an arbitrary length of plaintext?

RSA is not designed to be used on long blocks of plaintext like a block cipher, but I need to use it to send a large (encrypted) message. How can I do this?
foobarfuzzbizz
  • 3,256
  • 3
  • 24
  • 25
62
votes
3 answers

Definition of textbook RSA

What is the definition of textbook or "raw" RSA? What are some of the properties of textbook RSA? How does it differ from other schemes based on RSA?
Bobby S
  • 1,973
  • 4
  • 23
  • 30
62
votes
4 answers

Why hash the message before signing it with RSA?

The diagram below illustrates the process of digitally signing a message with RSA: As diagram shows, the message is first hashed, and the signature is then computed on the hash, rather than on the full message. Why hash the data before signing it?…
evening
  • 1,383
  • 3
  • 15
  • 22
60
votes
3 answers

RSA encryption with private key and decryption with a public key

When using the RSA cryptosystem, does it still work if you instead encrypt with the private key and decrypt with the public key? What about in the case of using RSA for sender authentication?
Humam Shbib
  • 755
  • 1
  • 6
  • 4
55
votes
2 answers

What security authorities and standards reject $e=3$ in RSA, when, and with what rationale?

 In RSA, some security authorities and/or standards allow the public exponent $e=3$, others require or recommend $e>2^{16}$ (or perhaps some other minimum). I gathered the following: PKCS#1 allows $e=3$ for both RSA digital signature and encryption…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
54
votes
10 answers

Now that quantum computers have been out for a while, has RSA been cracked?

D-wave systems has released a commercially viable quantum computer. This means in theory, that all asymmetric encryption algorithms — such as RSA — are now useless due to the speed at which quantum computers can factor. Has RSA been cracked yet? If…
bbosak
  • 961
  • 1
  • 6
  • 9
1
2 3
99 100