Page 1 of 2

What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 10:12 am UTC
by skeptical scientist
Suppose you found a way to defeat RSA encryption. Maybe you discovered an efficient algorithm to factor large semiprimes, or else to invert modular exponentiation. Or possibly you tinkered together a working quantum computer out of chewing gum and baling wire. What would you do with it? Publicize it to get famous and cause a furor as the world of secure computing was turned upside-down overnight? Hack into the CIA database and find out whether the supposed "moon landing" really was filmed at a sound stage on Mars? Bankrupt the Republican National Committee with large anonymous donations to Amnesty International, Greenpeace and the United Negro College Fund? What?

Re: What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 12:43 pm UTC
by Robin S
I would let everyone know I had broken it, to see how they reacted. My guess would be that most would probably dismiss me as a crackpot; I might get some interest from a handful of mathematicians and possibly intelligence agencies, depending on how credible my claim seemed to others.

Re: What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 1:24 pm UTC
by insom
I make it publicly known that I hacked it, then wait some time (<2 days) to give governments some time to react, and then publish the exact method.
I would publish it in a way so that it will be publicly available even if I am incapacitated in the meantime.

Re: What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 5:09 pm UTC
by Robin S
You might find that more difficult to achieve than you'd at first imagine.

Re: What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 5:12 pm UTC
by davean
Robin S wrote:You might find that more difficult to achieve than you'd at first imagine.


Guarantied publishing of content is an entirely different matter probably worth discussion.

Re: What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 6:23 pm UTC
by Rysto
Collect my Abel Prize and the million dollars that comes with it?

Re: What would you do if you hacked RSA?

Posted: Mon Feb 25, 2008 7:19 pm UTC
by Stereo
Robin S wrote:You might find that more difficult to achieve than you'd at first imagine.

Depends what form the solution takes...


If it's a cobbled together quantum computer, then yeah it might be hard to spread.

If it's just a new method for factoring large numbers (etc.) then it shouldn't be hard to make a few hard copies, and spread it on the internet as well. We can see from that hexadecimal key to unlock DVDs how hard it is for corporations to block information from spreading, even if they get Digg to take it down there are other sites.

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 12:34 am UTC
by Robin S
Maybe, though I think there'd be more motivation to prevent a method of cracking RSA from spreading than something which can unlock DVDs. Even if the intelligence agencies themselves using something harder to break, they'd still have a vested interest in stopping things such as the potential collapse of the economy.

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 1:33 am UTC
by notzeb
I'd contact 10 random people, explain the algorithm to them, and kindly ask them all to be enemies.

Last man standing wins... something. World domination?

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 4:01 am UTC
by btilly
skeptical scientist wrote:Suppose you found a way to defeat RSA encryption. Maybe you discovered an efficient algorithm to factor large semiprimes, or else to invert modular exponentiation. Or possibly you tinkered together a working quantum computer out of chewing gum and baling wire. What would you do with it? Publicize it to get famous and cause a furor as the world of secure computing was turned upside-down overnight? Hack into the CIA database and find out whether the supposed "moon landing" really was filmed at a sound stage on Mars? Bankrupt the Republican National Committee with large anonymous donations to Amnesty International, Greenpeace and the United Negro College Fund? What?

Definitely publicize it. I would start with a press release with the answers to the RSA factoring challenge. That is just to make people take me seriously.

I'd expect that before any government organization could organize a response, the fact that it had been done would be common knowledge. I'd further expect that no matter how incomplete my description was, the knowledge that it could be done like that would be so motivating that it would be discovered over and over again. Furthermore by the time any government organization figured out a response, they'd be painfully aware of that fact. That fact alone would be a substantial amount of protection. I hope.

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 5:05 am UTC
by skeptical scientist
Man, how come nobody here wants to take the opportunity to do some seriously groundbreaking investigative journalism? Imagine being able to read all of Bill Gates' private email. Next time you suspect a corporate cover-up, read all the email between the key players, and then publish the incriminating bits. Write software to track online banking use of politicians believed to be corrupt! There have to be more interesting things you could do than just say, "Oh, yeah, I broke RSA; now go find new ciphers so I can't get up to any mischief."

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 5:10 am UTC
by Robin S
Of course, for all you know someone's already doing all that for their own amusement. Perhaps they're even intercepting emails between mathematicians, gently misguiding them so that no-one else will discover their secret.

On the other hand, it could be quite fun to have someone else believe they're intercepting scandalous information when in fact you planted it (after all, with RSA cracked you could presumably fake digital signatures). It would be even more entertaining when that person released said scandalous information to the press and its supposed incriminatees are as surprised as anyone else as to the content.

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 5:23 am UTC
by TomBot
It seems like the legitimate benefits of going public are pretty sweet, so I'd probably stick with that. However, a key point in the strategy is to release a full implementation onto the internet immediately - you wouldn't want to be killed in your sleep by the NSA :-). Hmm, I wonder if you'd get arrested for stuff like that. It probably runs afoul of the DMCA, at least.

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 5:29 am UTC
by Robin S
If you're planning to go that route, you should probably release it anonymously from an Internet cafe or similar untraceable location (unless you're in it for the glory).

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 6:20 am UTC
by coppro
TomBot wrote:It seems like the legitimate benefits of going public are pretty sweet, so I'd probably stick with that. However, a key point in the strategy is to release a full implementation onto the internet immediately - you wouldn't want to be killed in your sleep by the NSA :-). Hmm, I wonder if you'd get arrested for stuff like that. It probably runs afoul of the DMCA, at least.
Set data bombs - find a number of free hosting providers (preferably in different countries), and stick your entire implementation there. Then hide it behind a script that won't reveal it for N amount of time (you would need more providers the longer you wanted to wait), and publicize the URLs. That way, you can't be shut up because the information will come out publicly unless you intervene directly.

Also, the classy way to do this would be to encrypt the proof in a method that only it can solve, then show that you can decrypt it, magically making the answer appear. :lol:

Re: What would you do if you hacked RSA?

Posted: Tue Feb 26, 2008 6:57 am UTC
by davean
coppro wrote:
TomBot wrote:It seems like the legitimate benefits of going public are pretty sweet, so I'd probably stick with that. However, a key point in the strategy is to release a full implementation onto the internet immediately - you wouldn't want to be killed in your sleep by the NSA :-). Hmm, I wonder if you'd get arrested for stuff like that. It probably runs afoul of the DMCA, at least.
Set data bombs - find a number of free hosting providers (preferably in different countries), and stick your entire implementation there. Then hide it behind a script that won't reveal it for N amount of time (you would need more providers the longer you wanted to wait), and publicize the URLs. That way, you can't be shut up because the information will come out publicly unless you intervene directly.


This may assume they don't have and can't get logs of your connection. Maybe not the smartest thing to bet your life on.

Now, you could hike over to a public terminal somewhere ... make sure it isn't obvious which or when by the time someone would be looking.

Re: What would you do if you hacked RSA?

Posted: Fri Feb 29, 2008 2:03 pm UTC
by Arancaytar
insom wrote:I make it publicly known that I hacked it, then wait some time (<2 days) to give governments some time to react, and then publish the exact method.
I would publish it in a way so that it will be publicly available even if I am incapacitated in the meantime.


Prediction: Those 2 days will be the most interesting and possibly also the last of your life. Secrets that endanger the national security of several nuclear powers are not healthy for a brain to contain...

---

Also, Dan Brown can hold suspense, but is effing clueless when it comes to technology or mathematics. <_<

Re: What would you do if you hacked RSA?

Posted: Fri Feb 29, 2008 4:19 pm UTC
by Robin S
Got the Digital Fortress reference, and agree wholeheartedly. I quite enjoyed the book, but not for its realism. The same can be said of The Da Vinci Code, the only other of his books that I've read so far.

Re: What would you do if you hacked RSA?

Posted: Sun Mar 02, 2008 5:25 pm UTC
by Torvaun
It bothers me when a vital plot point to build suspense can be rendered moot by pulling the plug, and restoring from backups if needed. Also, I have a hard time believing that someone wouldn't realize it when they got hit in the chest by a beanbag moving fast enough to cause bruising.

EDIT: Oh, yeah, the RSA thing. I'm going to say publish it. Not really tell people that I'm publishing it though, just make an anonymous update to the RSA page on Wikipedia. See how long it lasts before someone picks up on it. On the other hand, that path wouldn't get me fame or fortune, so in the event that this actually happens to me, I'm probably going to make a crapload of money in the stock market, then release it publically.

Re: What would you do if you hacked RSA?

Posted: Sun Mar 02, 2008 6:38 pm UTC
by someguy
Robin S wrote:I might get some interest from (...) intelligence agencies

You mean the kind of interest that makes you disappear off the face of the Earth?

Edit: Oh, also: I'd post my method on Fleeting/Random Thoughts :D.

Re: What would you do if you hacked RSA?

Posted: Sun Mar 02, 2008 7:53 pm UTC
by notzeb
Torvaun wrote:Oh, yeah, the RSA thing. I'm going to say publish it. Not really tell people that I'm publishing it though, just make an anonymous update to the RSA page on Wikipedia. See how long it lasts before someone picks up on it. On the other hand, that path wouldn't get me fame or fortune, so in the event that this actually happens to me, I'm probably going to make a crapload of money in the stock market, then release it publically.

It's one or the other - publicly publish, or make money on the stock market. You can't have your cake and eat it too...

Hmm, instead of my earlier plan, I could make a ton of money on the stock market, and start my own secret organization. On top of blackmailing politicians to put more money into science related fields, we'd spend a whole bunch of this money on R&D ourselves. To speed up our R&D, we'd eavesdrop on every other groups' breakthroughs, as well. We'd build giant robots, universal constructors, strong AIs, zombie viruses, etc. It would be deliciously evil. :twisted:

Re: What would you do if you hacked RSA?

Posted: Sun Mar 02, 2008 9:17 pm UTC
by Robin S
someguy wrote:You mean the kind of interest that makes you disappear off the face of the Earth?
Not necessarily. Think about it: any intelligence agency which can break RSA is going to have a distinct advantage over other intelligence agencies. Since I'm hardly going to contact the NSA or whomever directly, they might well be on the lookout for people claiming to have cracked it so that they can buy the method for themselves and also buy the person in question's silence (the person will know that their life is potentially at risk, but they also have the upper hand as they have the method).

Re: What would you do if you hacked RSA?

Posted: Sun Mar 02, 2008 11:17 pm UTC
by Torvaun
notzeb wrote:
Torvaun wrote:Oh, yeah, the RSA thing. I'm going to say publish it. Not really tell people that I'm publishing it though, just make an anonymous update to the RSA page on Wikipedia. See how long it lasts before someone picks up on it. On the other hand, that path wouldn't get me fame or fortune, so in the event that this actually happens to me, I'm probably going to make a crapload of money in the stock market, then release it publically.

It's one or the other - publicly publish, or make money on the stock market. You can't have your cake and eat it too...

Not necessarily. Make money on the stock market with high-yield, high-risk investments, cash out, invest my money more sensibly, such that I could reasonably live off the interest, focus all my energies on crypto stuff, then announce RSA a few years later. It looks legit enough to get me through an SEC investigation, especially if I lose big a couple times on my way to financial solvency.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 2:31 am UTC
by Gatesunder
I would be ironic about it and encrypt the method using RSA and then post it everywhere I could saying that within this encrypted file lies the secrets to breaking RSA. I could imagine that spurring others to attempting to find a crack for RSA that I hadn't found or perhaps a new technique in cryptanalysis or maybe even a new method of encryption based on a technique that failed them in breaking RSA . . .

I would use scare tactics or something else that would get the medias attention such that it becomes a widely publicized topic. Heck . . . maybe I would even crack into media websites and post an article I made using the technique to get past their security. Who needs to "sound" legitimate when you could "be" legitimate.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 6:40 pm UTC
by zenten
I'd just publish it, in such a way that it is out there very fast among many countries, and it is obvious that I did it.

Blackmailing and all that seems like too much risk, and I would already be able to live a life of nice luxury without having to work another day. Why risk my life and my freedom for more?

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 6:58 pm UTC
by Yakk
Security doesn't solely lie in RSA, or every other encryption protocol. Most systems have multiple levels of security, ranging from social to physical to tracking based.

Being able to defeat the encryption security is useful, but not sufficient for highly profitable and untraceable wide-spread fraud.

On the other hand, winning the million dollar prise for cracking RSA (someone made a reference to one, I think) is reasonably highly profitable. In addition, as the person who cracked RSA, if you can manage any kind of other respectability, you can probably translate that to a job in academia or other similar areas. Just the panache of having you on staff would be worth something.

Arranging for a semi-delayed publishing isn't that hard. Use multiple courier services containing the abstract sent to many places as one layer of redundancy (up to and including a local bike courier). Sure, it might leak out early...

You could also try to distribute the data widely on usenet under some semi-weak encryption key (ie, something that should take 100 to 1000 computer-years). Getting it out in 2 days isn't guaranteed, but it will get out most likely if people become aware of what is inside the package.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 9:51 pm UTC
by zenten
Yakk wrote:Security doesn't solely lie in RSA, or every other encryption protocol. Most systems have multiple levels of security, ranging from social to physical to tracking based.

Being able to defeat the encryption security is useful, but not sufficient for highly profitable and untraceable wide-spread fraud.

On the other hand, winning the million dollar prise for cracking RSA (someone made a reference to one, I think) is reasonably highly profitable. In addition, as the person who cracked RSA, if you can manage any kind of other respectability, you can probably translate that to a job in academia or other similar areas. Just the panache of having you on staff would be worth something.

Arranging for a semi-delayed publishing isn't that hard. Use multiple courier services containing the abstract sent to many places as one layer of redundancy (up to and including a local bike courier). Sure, it might leak out early...

You could also try to distribute the data widely on usenet under some semi-weak encryption key (ie, something that should take 100 to 1000 computer-years). Getting it out in 2 days isn't guaranteed, but it will get out most likely if people become aware of what is inside the package.


Why is that needed?

Just send it out on some usenet lists at the same time you publish it on some web forums hosted in various countries.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 10:39 pm UTC
by Yakk
Someone was trying for high probability delayed publication.

Note that the "encrypted with relatively weak encryption" has the bonus that it can be distributed without people learning what they are distributing. And if you can release the key, you can make it public at a known time: if you fail to release the key, but just that the information contained, it becomes public at some unknown future time. Only if you fail to release the key and fail to release that the information is important does it stay secret.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 10:59 pm UTC
by btilly
Yakk wrote:Someone was trying for high probability delayed publication.

Note that the "encrypted with relatively weak encryption" has the bonus that it can be distributed without people learning what they are distributing. And if you can release the key, you can make it public at a known time: if you fail to release the key, but just that the information contained, it becomes public at some unknown future time. Only if you fail to release the key and fail to release that the information is important does it stay secret.

Make sure the package that is sent says in unencrypted form what it includes, as proof factors several well-known RSA keys that have not yet been factored by anyone, and contains the public key that the attachment is encrypted with. With a small enough key chosen that it can be cracked by a motivated party with standard techniques in about 2 months. Make sure the encrypted message says exactly who discovered the result.

That clearly establishes the importance of the document, guarantees wide-spread distribution, guarantees that the message will be read, and guarantees that you get properly attributed for the discovery.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 04, 2008 11:24 pm UTC
by TomBot
Torvaun wrote:EDIT: Oh, yeah, the RSA thing. I'm going to say publish it. Not really tell people that I'm publishing it though, just make an anonymous update to the RSA page on Wikipedia. See how long it lasts before someone picks up on it.


It'd get reverted: WP:NOR

Re: What would you do if you hacked RSA?

Posted: Wed Mar 05, 2008 12:00 pm UTC
by Arancaytar
Robin S wrote:Got the Digital Fortress reference, and agree wholeheartedly. I quite enjoyed the book, but not for its realism. The same can be said of The Da Vinci Code, the only other of his books that I've read so far.


Heh. I'm not a historian though, so I was able to enjoy the Da Vinci Code with more suspension of disbelief (although of course I've since been made aware of the amount of horse droppings it contains). Presumably, the same goes for Vatican scholars & particle physicists regarding Angels & Demons. BS is only annoying when it relates to your area of expertise.

TomBot wrote:
Torvaun wrote:EDIT: Oh, yeah, the RSA thing. I'm going to say publish it. Not really tell people that I'm publishing it though, just make an anonymous update to the RSA page on Wikipedia. See how long it lasts before someone picks up on it.


It'd get reverted: WP:NOR


Given how many people are going to take your proof seriously and even bother to check it, it would probably fall victim to the WP:NBS policy first.

Robin S wrote:
someguy wrote:You mean the kind of interest that makes you disappear off the face of the Earth?
Not necessarily. Think about it: any intelligence agency which can break RSA is going to have a distinct advantage over other intelligence agencies. Since I'm hardly going to contact the NSA or whomever directly, they might well be on the lookout for people claiming to have cracked it so that they can buy the method for themselves and also buy the person in question's silence (the person will know that their life is potentially at risk, but they also have the upper hand as they have the method).


... until they actually sell the method to the agency in question, and become a liability.

No, quite aside from the moral qualms I'd have with aiding the agency of a single nation, I doubt that it would be possible to safely barter for anything other than academic fame with this (which is based on everyone knowing the method and its creator, hence plenty of witnesses and no point in offing you.)

Edit: Wait, I think you could try to barter for "world domination" by using the information instead of selling it. We need to re-examine what qualifies as "safely" in that case, though. :P

Re: What would you do if you hacked RSA?

Posted: Wed Mar 05, 2008 7:48 pm UTC
by tetsujin
Hmm, tempting as it is to try to find some way to profit from it - I guess probably what I'd actually do is let people know about it, give people some time to switch their security systems to alternate methods, and then publish the work...

I mean, sure, there's ways I could get extra profit out of something like that, but I think I wouldn't particularly want to use it to damage people's livelihood.

I could also take it to the NSA - explain to them that I was able to come up with a way to break RSA encryption and that I'd like to have a job - and then they could come back with "Oh, you've cracked RSA. That's nice. What else have you got?" :D

Re: What would you do if you hacked RSA?

Posted: Thu Mar 06, 2008 7:57 am UTC
by kinbote
Given that the NSA appears to have discovered PKI many years before Diffie, Hellman and Merkle, and even deployed it for communicating nuclear weapons authorizations, it would not be unexpected for them to have also discovered how to crack it by now.
It seems that there would be inestimable value in concealing that they can crack it. Being able to apply the crack in extraordinary cases would be worth far more than cracking everything, and thereby revealing they possess a crack and signaling enemies to change their methods. It's curious to think that only a small handful of individuals in the entire empire would even know about it.

Having the crack, the mere materialist might think to secure a carte blanche with the feds--you keep quiet, and they protect you by making you untouchable on paper within the bureaucracy(at least to a large extent). The degree of sophisticated white collar crimes which could be committed against the financial industry, and the profits to be made would be inconceivable with a get out of jail card like that.

But one man playing them at their own game to their face will inevitably conclude in an unhappy ending. They may not have you killed directly(we don't kill, echoes of "we don't torture"), but they could coordinate it so that another party does it, and they just choose not to stop it(polonium tea anyone?). Since there would be far too many unpredictable variables like this to ensure your own safety over your lifetime, this strategy would be suicide, both physically and spiritually--being purely for money, it fulfilled no greater purpose.

Therefore the logical strategy would be to immediately release the information about cracking RSA to the entire Internet on the spot, no heads up to any manipulators with a vested interest, no advance warnings, nothing.
:)

Re: What would you do if you hacked RSA?

Posted: Thu Mar 06, 2008 12:15 pm UTC
by Berengal
4chan, slashdot, digg, wikipedia, youtube etc. etc. I'd release the same message everywhere, telling everyone it was me who did it, and what method I used. I'd also contact my government about the big heap of money they're going to offer me for future employment.

Re: What would you do if you hacked RSA?

Posted: Thu Mar 06, 2008 12:24 pm UTC
by Hurduser
I go for the investigative journalism and release my results and the method in many places (I guess I'd make it on a weekend: I'd get a train ticket which is valid for one day in entire Germany, go to busy internet cafes near the central station, upload it there to some places and take the next train) :)

Re: What would you do if you hacked RSA?

Posted: Thu Mar 06, 2008 1:26 pm UTC
by Nexus_1101
Robin S wrote:Got the Digital Fortress reference, and agree wholeheartedly. I quite enjoyed the book, but not for its realism. The same can be said of The Da Vinci Code, the only other of his books that I've read so far.


damn beaten to the punch

Re: What would you do if you hacked RSA?

Posted: Sun Mar 09, 2008 5:17 am UTC
by phantom
Why does everyone want to tell the world about it? I'd use it for my own evil purposes. :twisted: :twisted: :twisted:

Re: What would you do if you hacked RSA?

Posted: Tue Mar 11, 2008 5:15 pm UTC
by GMontag
skeptical scientist wrote:Suppose you found a way to defeat RSA encryption. Maybe you discovered an efficient algorithm to factor large semiprimes, or else to invert modular exponentiation. Or possibly you tinkered together a working quantum computer out of chewing gum and baling wire. What would you do with it? Publicize it to get famous and cause a furor as the world of secure computing was turned upside-down overnight? Hack into the CIA database and find out whether the supposed "moon landing" really was filmed at a sound stage on Mars? Bankrupt the Republican National Committee with large anonymous donations to Amnesty International, Greenpeace and the United Negro College Fund? What?


I'd get the phone number of that cute NSA agent. And a Winnebago.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 11, 2008 5:59 pm UTC
by rrwoods
I don't know. I'd probably post somewhere, asking for advice on what to do in the "hypothetical" situation that I'd cracked RSA. Preferably in a forum where the vast majority of the population can be assumed to even know what RSA is.

Re: What would you do if you hacked RSA?

Posted: Tue Mar 11, 2008 8:54 pm UTC
by skeptical scientist
Damn rrwoods, you're on to me.