Major Vulnerability May Bring Down Public Key Encryption

What’s the shortest book in the world?

“The Even Prime Numbers”

This book basically has one page which says the number “2”, followed by “The End”. Well, researchers in the US have made the book a whole lot shorter with the discovery of the weaknesses in using “2” as a prime number. This has the potential to compromise public key encryption on many devices, and ultimately to expose the data in virtually every network connection.

Their discovery is that “2” isn’t actually a prime number.

Leading cryptographers and security engineers are now looking rather embarrassed, as they had just “thought” that two was prime, as this is what they had been told, and they took it as a fact. One senior security architect working on the core of the Internet outlined:

We just took our Professor’s advice that 2 was a prime number, and we didn’t check … and now we are in trouble! All of our systems are at threat, so I’ve just resigned from my post. Bye!

Prime numbers are used extensively in public-key encryption, typically where we take two prime numbers and multiply them together to get a modulus (N). This modulus is often difficult to factorize as large numbers are used. The well-known RSA method, for example, is built on this technique. But in cracking other public key methods, the usage of such a low prime number makes it almost trivial to break.

The usage of 2, though, has been useful in cryptography as it allows mobile devices to support ultra-fast public key calculations. Thus, many smart phone applications then use this number, as intruders just do not check for the number “2” in their attack tools. The logic is that most of the tools will dismiss any even number, without actually checking if it was two.

Eve 1, a well-known crypto hacker, outlines that:

We just assumed that no-one would use “2”, so we wrote programs that just went for the odd numbers. It saved so much time in testing. Our first statement in our code was a quick check on whether a number was even, and if so we just dismissed it. We are rewriting our code just now … it’s open season. Yipee! I can’t wait to see what my professors have said about me.

Many experts think that law enforcement may have known about the usage of “2”, and that they have been using the vulnerability to spy on users.

The flaw, discovered by researchers at the MidTech Institute in Florida, focuses on a commonly used Python library (PieCrypto). This library detects when a mobile device is being used, and more often than not uses the value of “2” for one of the prime numbers. This meant that in around 60% of the encryption tunnels that have ever been created, an intruder could crack the cryptography within one picosecond. With a quantum computer, it would be expected that this could actually be cracked before the key was even generated, and that all the keys used in the future would actually be predicted in a single instance, and before the program is actually run.

Prof Plant from the institute outlined:

“It’s a bit silly. Everyone just assumed 2 was a prime number, as we were told it was at school, and no-one realised it wasn’t. We found that it is paired with an imaginary number — z² — which is the inverse of 2, so when they multiplied together and where we took the complex conjugate, we got an answer of 2. We then stumbled across some old school books which outlined the method, and which basically asked what the inverse of “2” was … and the answer was 1 over 2, which gives the number z².”

He added that:

“We define the devices that generate a prime number of “2” as suffering from the piger fabrica syndrome (trans: ‘lazy devices’) — as they really can’t be bothered to generate a large integer value as a prime number.
Basically, these devices just give up after generating the first number, and then often just use “2”. A drive towards machine learning in smart phones has caused a more human-like approach to computing, and where if something is just too hard then they can’t be bothered with it. It’s all part of AI and where machines can decide to give up on it. This is a trait that we will have to get used to, as machines are only following our human characteristic of giving up too easily, and just generally being a bit lazy. You need to know that these devices are on 24x7, and need a bit of a rest, sometimes.”

A leading designer of smart phones (who did not want to be named) outlined:

“Some of our smart phones detect the generation of prime numbers and disable the operation after the first one in order to save battery life. Like it or not, people like an all day battery more than they like good security. For battery or security, virtually all users go for battery!”

A spokesperson from NSA said:

Yes. We knew about it. What’s your problem with that?
Now go away and leave us alone. We need to find a new backdoor!

Conclusions

The research community is scratching its head just now. As researchers were searching for extremely large prime numbers, they forgot to check the most basic one: 2. A massive series of patching exercises is now underway, with network administrators searching for any place that the number 2 is used and deleting its usage.

And the shortest book in the world just got a little shorter, which has opened the Internet up to cybercriminals, identity thieves, and crackers … but wasn’t it like that already?

So please help search for the number “2” on your computer system, and delete it wherever you find it. Base 2 has had its day, and computers need to realise that. Also when you purchase your smart phone, make sure it does not disable the generation of large prime numbers — look for the sticker under the battery — it should say something like “No 2s here”.

So, for the sake of an extra day with your battery, wouldn’t you like to be just a little safer?

Happy 1 April 2022.