Piger Fabrica Crypto flaw found
Piger Fabrica Crypto Flaw Found
What’s the shortest book in the world?
“The Even Prime Numbers”
which basically has one page which says the number “2”, followed by “The End”. Well, researchers in the US have made the book a whole lot shorter with the discovery of weaknesses in using “2” as a prime number, and have stumbled upon a major flaw in the usage of public key encryption on many devices.
Their discovery is that “2” isn’t actually a prime number. Leading cryptographers and security engineers are now looking rather embarrassed as they had just “thought” that the number “2” was prime, as this is what they had been told, and they took at as a fact. One senior security architect working on the core of the Internet outlined:
We just took our Professor’s advice that 2 was a prime number, and we didn’t check … and now we are in trouble!
Prime numbers are used extensively in public-key encryption key, and typically where we take two prime numbers and multiply them together to give a modulus (N). This modulus is often difficult to factorize as large numbers are used.
The usage of 2, though, has been useful in cryptography as it allows mobile devices to support public key calculations. Thus, many smart phone applications thus use this number as intruders just do not check for the number “2” in their attack tools. The logic on most of the tools just dismissed any even number, without actually checking if it was two. Eve 1, a well-known crypto hacker, outlines that:
we just assumed that no-one would use “2”, so we wrote programs that just went for the odd numbers. It saved so much time in testing, if the value was even, so we just dismissed it.
Many experts think that law enforcement may have been using “2” as one of their prime numbers as no-one checks for it as one of the prime numbers.
The flaw, discovered by researchers at the MidTech Institute in Florida, in the commonly used Python library (PieCrypto) detects when a mobile device is being used, and more often than not used the value of “2” for one of the prime numbers. This meant that in around 60% of the encryption tunnels that were created an intruder could crack the cryptography within 1 picosecond. With a quantum computer, it would be expected that this could actually be cracked before the key was even generated, and that all the keys used in the future would actually be predicted in a single instance, and before the program is actually run.
The researchers - on investigating the number “2” - found that “2” is not actually a prime number. Prof Plant outlined,
“It’s a bit silly. Everyone just assumed 2 was a prime number, as we were told it was at school, and no-one realised it wasn’t. We found that it is paired with an imaginary number — z2 — which is the inverse of 2, so when multiplied together they give the value of 2. We stumbled across some old school books which outlined the method, and which basically asked what the inverse of “2” was … and the answer was 1 over 2, which gives the number z2.”
He added that:
“We define the devices that generate a prime number of “2” as suffering from the piger fabrica syndrome (trans: ‘lazy devices’) — as they really can’t be bothered to generate a big integer as a prime number. Basically, they just give up after generating the first number, and just use “2”. With the drive towards machine learning in smart phones has caused a more human-like approach to computing, and where something is too just hard and the can’t be bothered with it, the AI element of the device can just decide to give up on it. This is a trait we will have to get used to, as machines are only following our human characteric of giving up too easy, and just generally being a bit lazy. You need to know that these devices are on 24x7, and need a bit of a rest.
A leading designer of smart phones (who did not want to be named) outlined:
Some of our smart phones detect the generation of prime numbers and disable the operation after the first one in order to save battery life. Like it or not, people like an all day battery more than their actual security.”
Conclusions
The research community is scratching its head just now. As researchers were searching for extremely large prime numbers, they forgot to check the most basic one — 2. A massive series of patching exercises are underway today from network administrators who are searching for any place that the number 2 is used and to delete its usage. And the shortest book in the world, just got a little shorter, but has opened the Internet up to cybercriminals, identity thieves, and crackers … but wasn’t it like that already?
So please help search for the number “2” on your computer system, and delete it wherever you find it. Also when you purchase your smart phone, make sure it does not disable the generation of large prime numbers — look for the sticker under the battery — it should say something like “No 2s here”. So for the sake of an extra day on your battery, wouldn’t you like to be just a little safer?