Needless to say, those people should not be implementing RSA for a system that needs actual security. I'm looking for a better way to teach "real" RSA without needing the students to be math majors or to spend a whole semester on it. Does anybody have any suggestions?
https://www.coursera.org/learn/crypto
Although there are continuums of teaching delivery from muddled to clear explanations of concepts, there are no student shortcuts to escape the irreducible mental exertion to acquire familiarity towards mastery. Uncurious people shouldn't be in the field (no pun intended).
I also added plenty of inline python code blocks students can change and run on the fly.
The reason i wrote this is the hand waving around group theory i saw in other explanations. Namely you shouldn't just say x^y always = x mod m for certain values of y (eg. x^13=x mod 35, even for factors of 35). You should give a detailed, intuitive understanding of why this occurs.
It's an ugly naive implementation, but it's much simpler and more accessible than any real one I've ever seen, and depends on nothing but libc.
RSA is math so it seems like you're trying to shove a square peg into a round hole here.
I don't know how it's taught elsewhere but I feel like I both have "a sufficient grasp of the number theory to really understand what is going on" but also I "should not be implementing RSA for a system that needs actual security" !
Start and end with a reminder to use padding.
Actually if you want to make it not-so-mathy, talking about about how to be compatible with other programs could be nice. How do you import/export public key in pem or der? How do you (de)serialize ciphertext?
Strong primes are ones where the totient (both carmichael and euler totients) have large primes in them. This happens naturally for 2048 bit and above RSA keys in any-case, they'll statistically absolutely have primes that are larger than the bits needed to factor using elliptic curve methods (>256 bits). In general it's just not that helpful, similar to trying to require carmichael rather than Euler totient. Ok you've made the 2048 bit key 3 bits stronger, great, but let's not bother right?
There is probably a newer standard superseeding that but it is there in the ansi standards
The proof of which is left to the reader?
disappears into the back room for fifteen minutes
"Yes, it's trivial."
I will henceforth refer to software development as 'software engineering' to convey its equivalence, or perhaps superioriority over other 'engineering' disciplines which are based on ambiguous mathematical language, as opposed to rigorous, machine-verifiable, unambiguous languages.
commandersaki•4mo ago
Given a standard 2048-bit RSA modulus, the totient is still ~2048 bits. I'm not sure and haven't done or seen analysis given the reduction in size (and search space) when replaced with a Carmichael function.
I know, I'll attempt to summon cperciva.
cperciva•4mo ago
BTW the Carmichael function and Carmichael numbers have little in common aside from their author and the fact they concern whether x^b = 1 mod N for x relatively prime to N.
commandersaki•4mo ago
cperciva•4mo ago
chc4•3mo ago
DougMerritt•3mo ago
cperciva•3mo ago
(I search on a ~daily basis for mentions of "cperciva", "Tarsnap", and "daemonology.net" to see where I and/or my work are mentioned.)
less_less•3mo ago