A Quiet Change to RSA

https://www.johndcook.com/blog/2025/10/06/a-quiet-change-to-rsa/
58•ibobev•4d ago

Comments

commandersaki•4d ago
Hm, never encountered the Carmichael function before, but I have had a cursory understanding of Carmichael numbers.

Given a standard 2048-bit RSA modulus, the totient is still ~2048 bits. I'm not sure and haven't done or seen analysis given the reduction in size (and search space) when replaced with a Carmichael function.

I know, I'll attempt to summon cperciva.

cperciva•4d ago
This isn't used in practice because if you care about efficiency you're not calculating M^d mod N; instead you compute exponents mod p and mod q and use the CRT to combine (as mentioned in the author's link to "Garner's algorithm").

BTW the Carmichael function and Carmichael numbers have little in common aside from their author and the fact they concern whether x^b = 1 mod N for x relatively prime to N.

commandersaki•3d ago
Thanks, I thought about this a bit more. Would the security argument for using the Carmichael function essentially be the same as RSA with totient function, as the adversary can always find d that satisfies either function (Carmichael or Euler totient) regardless of which function is used?
cperciva•3d ago
Correct. You could construct a weird scenario with a buggy side channel attack where using a different value for d would matter, but generally speaking the attacker doesn't know and doesn't care what value (out of the infinitely large number of options!) you're using.
chc4•1h ago
The summoning worked!
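
Added example for this thread (written for this page; not code from the linked article or from any commenter): a toy RSA in Python that derives one private exponent from Euler's phi(n) and one from Carmichael's lambda(n), checks on every residue of Z_n that both invert e, and decrypts via Garner's CRT recombination as cperciva describes above. The primes are small constants picked so the exhaustive check is feasible; the two Mersenne primes in the timing demo are an assumption for illustration only and a 216-bit modulus is nowhere near a real key size.

```python
# Added example for this thread (not code from the linked article or from any
# commenter): toy RSA showing that a private exponent derived from Euler's phi(n)
# and one derived from Carmichael's lambda(n) both invert e, and that Garner's
# CRT recombination gives the same plaintext as the plain pow(c, d, n).
# All primes below are constants chosen for checkability, NOT secure sizes.
from math import gcd
import time


def lcm(a, b):
    return a // gcd(a, b) * b


def make_keys(p, q, e=65537):
    """Return (n, e, d_phi, d_lambda) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    lam = lcm(p - 1, q - 1)          # Carmichael's function of n (n square-free)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d_phi = pow(e, -1, phi)          # e * d_phi ≡ 1 (mod phi)
    d_lam = pow(e, -1, lam)          # e * d_lam ≡ 1 (mod lambda); lam divides phi
    return n, e, d_phi, d_lam


def decrypt_plain(c, d, n):
    """Textbook decryption: one modular exponentiation with the full modulus."""
    return pow(c, d, n)


def decrypt_crt(c, d, p, q):
    """Garner's algorithm: exponentiate mod p and mod q, then recombine.

    d is reduced mod p-1 and mod q-1, so d_phi and d_lambda give identical
    per-prime exponents and therefore identical results.
    """
    dp = d % (p - 1)
    dq = d % (q - 1)
    qinv = pow(q, -1, p)
    m1 = pow(c % p, dp, p)
    m2 = pow(c % q, dq, q)
    h = (qinv * (m1 - m2)) % p
    return m2 + h * q


def all_messages_roundtrip(p, q, e=65537):
    """Exhaustively check every residue m in Z_n, including m sharing a factor
    with n, with both private exponents and both decryption routes."""
    n, e, d_phi, d_lam = make_keys(p, q, e)
    for m in range(n):
        c = pow(m, e, n)
        if decrypt_plain(c, d_phi, n) != m:
            return False
        if decrypt_plain(c, d_lam, n) != m:
            return False
        if decrypt_crt(c, d_lam, p, q) != m:
            return False
    return True


def _bench(fn, reps=300):
    t0 = time.perf_counter()
    for _ in range(reps):
        fn()
    return time.perf_counter() - t0


if __name__ == "__main__":
    # The classic 61 * 53 textbook pair: phi = 3120, lambda = 780.
    n, e, d_phi, d_lam = make_keys(61, 53, e=17)
    print(f"n={n} e={e} d_phi={d_phi} d_lambda={d_lam} "
          f"d_phi mod lambda = {d_phi % 780}")
    print("every message decrypts with both d and both routes:",
          all_messages_roundtrip(61, 53, e=17))

    # Rough Garner speed-up. Mersenne primes 2^127-1 and 2^89-1 are used only
    # because they are easy to state; a 216-bit modulus is not a real key size.
    p, q = 2**127 - 1, 2**89 - 1
    n, e, d_phi, d_lam = make_keys(p, q)
    c = pow(0x123456789ABCDEF, e, n)
    t_plain = _bench(lambda: decrypt_plain(c, d_lam, n))
    t_crt = _bench(lambda: decrypt_crt(c, d_lam, p, q))
    print(f"plain: {t_plain:.4f}s  CRT: {t_crt:.4f}s  ratio {t_plain / t_crt:.1f}x")
```

For 61 * 53 with e = 17 the two exponents are d_phi = 2753 and d_lambda = 413, and 2753 mod 780 = 413: the phi-derived d is just the lambda-derived one plus a multiple of lambda, which is why an attacker gains nothing from knowing which you picked. Inside decrypt_crt both are reduced to the same dp and dq anyway. One caveat a practitioner would add to the CRT route: production code re-encrypts the CRT result and compares it with c before releasing it, because a single faulty half-exponentiation otherwise yields a value whose difference from the true plaintext shares a factor with n.
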
jasperry•4h ago
There are a lot of people who learn and teach the RSA algorithm superficially without a sufficient grasp of the number theory to really understand what is going on. I know because I've been one of them (on both sides). The Carmichael vs. Euler totient issue confused me for a long time.

Needless to say, those people should not be implementing RSA for a system that needs actual security. I'm looking for a better way to teach "real" RSA without needing the students to be math majors or to spend a whole semester on it. Does anybody have any suggestions?

goalieca•3h ago
Given how much more favored ECDSA and ECDH are these days, I recommend teaching elliptic curves. They're actually quite simple to understand mathematically if you want a shallow comprehension.
supernetworks_•41m ago
The task for teaching is much harder now as these need to be combined into hybrid PQC protocols
Krutonium•26m ago
Sure, but teaching the original as a fundamental building block would still be just that.
burnt-resistor•3h ago
Anyone with an undergraduate CS background should be able to handle Dan Boneh's course:

https://www.coursera.org/learn/crypto

Although there are continuums of teaching delivery from muddled to clear explanations of concepts, there are no student shortcuts to escape the irreducible mental exertion to acquire familiarity towards mastery. Uncurious people shouldn't be in the field (no pun intended).

AnotherGoodName•2h ago
I wrote an article trying to give a simple overview for teaching. https://rubberduckmaths.com/eulers_theorem

I also added plenty of inline python code blocks students can change and run on the fly.

The reason I wrote this is the hand waving around group theory I saw in other explanations. Namely you shouldn't just say x^y always = x mod m for certain values of y (eg. x^13=x mod 35, even for factors of 35). You should give a detailed, intuitive understanding of why this occurs.
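
Added example for this thread (not code from the rubberduckmaths page or from the commenter): a brute-force check of the claim above that x^13 ≡ x (mod 35) for every x, including x = 5, 7 and 0 that share a factor with 35, next to Euler's theorem x^φ(n) ≡ 1, which only holds for units. It also shows the reason: 12 = λ(35) = lcm(4, 6) is a multiple of both p - 1 and q - 1, so x^13 ≡ x modulo 5 and modulo 7 separately (Fermat, or x ≡ 0 there) and the CRT combines them, and that this breaks when n has a repeated prime factor. The moduli are toy constants; the trial-division factoring is only meant for such sizes.

```python
# Added example (not from the linked article or the rubberduckmaths page):
# verify "x^y ≡ x (mod n) for every x" by brute force, compute λ(n) and φ(n)
# from the factorisation, and show that the universal exponents are exactly
# y ≡ 1 (mod λ(n)) when n is square-free, and do not exist otherwise.
from math import gcd


def factor(n):
    """Trial-division factorisation into {prime: exponent}; fine for toy n."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f


def lcm(a, b):
    return a // gcd(a, b) * b


def carmichael(n):
    """λ(n) from the prime-power formula: λ(p^k) = (p-1)p^(k-1),
    except λ(2^k) = 2^(k-2) for k ≥ 3; then the lcm over prime powers."""
    lam = 1
    for p, k in factor(n).items():
        part = 2 ** (k - 2) if (p == 2 and k >= 3) else (p - 1) * p ** (k - 1)
        lam = lcm(lam, part)
    return lam


def euler_phi(n):
    phi = n
    for p in factor(n):
        phi = phi // p * (p - 1)
    return phi


def fixes_every_residue(n, y):
    """True iff x^y ≡ x (mod n) for every x in 0..n-1, units or not."""
    return all(pow(x, y, n) == x for x in range(n))


def euler_failures(n):
    """Residues where x^φ(n) ≡ 1 (mod n) fails: exactly the non-units,
    since a multiple of p | n can never be ≡ 1 modulo p."""
    phi = euler_phi(n)
    return [x for x in range(n) if pow(x, phi, n) != 1]


def smallest_universal_exponent(n, limit=None):
    """Smallest y > 1 with x^y ≡ x (mod n) for all x, or None below limit.
    For square-free n this is λ(n) + 1 (e.g. 13 for n = 35). For n with a
    repeated prime, e.g. n = 9, x = 3 gives 3^y ≡ 0 for every y ≥ 2, so the
    RSA correctness argument needs n = pq with p ≠ q."""
    limit = limit or n * n
    for y in range(2, limit):
        if fixes_every_residue(n, y):
            return y
    return None


if __name__ == "__main__":
    n = 35
    print(f"λ({n}) = {carmichael(n)}, φ({n}) = {euler_phi(n)}")
    print("x^13 ≡ x for all x mod 35:", fixes_every_residue(n, 13))
    print("x^25 ≡ x for all x mod 35:", fixes_every_residue(n, 25))
    print("x^7  ≡ x for all x mod 35:", fixes_every_residue(n, 7))
    print("x^φ ≡ 1 fails for:", euler_failures(n))
    print("smallest universal exponent mod 35:", smallest_universal_exponent(35))
    print("smallest universal exponent mod 9: ", smallest_universal_exponent(9))
```

The three facts worth pulling out of the run: every y with y ≡ 1 (mod 12) works for n = 35, so 13 and 25 (= φ + 1) both do and 7 does not; Euler's x^24 ≡ 1 fails for all eleven non-units 0, 5, 7, 10, 14, ... while x^13 ≡ x still holds for them, which is the gap the hand-waving skips; and for n = 9 no exponent fixes every residue at all, which is why the RSA argument is stated for a product of distinct primes rather than for arbitrary n.
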

jcalvinowens•1h ago
I use this as a teaching aid: https://github.com/jcalvinowens/toy-rsa

It's an ugly naive implementation, but it's much simpler and more accessible than any real one I've ever seen, and depends on nothing but libc.

edm0nd•3h ago
A reminder, $10M was all it took for RSA to backdoor its own encryption for the NSA.
jdpage•2h ago
A reminder, RSA (the cryptosystem) is not a product of RSA (the security company); the cryptosystem predates the company by a decade and was also independently invented by a GCHQ researcher a few years before, but it remained classified there.

The only thing they really have in common is that the founders of RSA (the company) were the public inventors of RSA (the cryptosystem). The company didn't get into bed with the NSA until the turn of the century.

nayuki•2h ago
Specifically, the algorithm https://en.wikipedia.org/wiki/Dual_EC_DRBG .
charcircuit•54m ago
There is no evidence that it was backdoored. You should not talk as if it was a fact, when it's pure speculation.
AnotherGoodName•3h ago
Another similar one is that we don't care for strong primes anymore and even though the standards for RSA specifically require it, it's not actually helpful at all, see https://eprint.iacr.org/2001/007

Strong primes are ones where the totient (both Carmichael and Euler totients) have large primes in them. This happens naturally for 2048 bit and above RSA keys in any case, they'll statistically absolutely have primes that are larger than the bits needed to factor using elliptic curve methods (>256 bits). In general it's just not that helpful, similar to trying to require Carmichael rather than Euler totient. Ok you've made the 2048 bit key 3 bits stronger, great, but let's not bother right?

mmastrac•59m ago
"The efficiency gained from using Carmichael’s totient is minimal. More efficiency can be gained by using Garner’s algorithm."

The proof of which is left to the reader?
