Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bruteforce #14

Open
oskarvonephesos opened this issue Apr 19, 2021 · 0 comments
Open

Bruteforce #14

oskarvonephesos opened this issue Apr 19, 2021 · 0 comments

Comments

@oskarvonephesos
Copy link
Contributor

Hi!

This isn't really a bug in the code, but since I have been contributing some code to this repository, I thought it might be important to stress just how far this is from being secure. This really is purely for educational purposes!

I have attached a simple file that generates a key-pair and then times how long it takes to figure out the private key from the public key (actually it just factors the primes, but getting from the primes to the private exponent really is trivial). Running it on my laptop takes less than a ms.

Theoretically the primes.txt file could be modified to include larger primes, but the bottom line is: you won't be able to generate 1024-bit primes using C's built-in data types (that max out at 64 or 80 bits).

//save this as bruteforce.c and
//compile this using gcc rsa.c bruteforce.c -o bruteforce
#include <stdio.h>
#include "rsa.h"
#include <stdlib.h>
#include <stdint.h>
#include <math.h>
#include <sys/time.h>

int main(){

      struct public_key_class* pub = (struct public_key_class *)malloc(sizeof(struct public_key_class));
      struct private_key_class* priv = (struct private_key_class*)malloc(sizeof(struct private_key_class));
      rsa_gen_keys(pub, priv, PRIME_SOURCE_FILE);
      struct timeval before, after, difference;
      uint64_t i = (uint64_t) sqrt((double)pub->modulus), j;
      uint64_t modulus = (uint64_t) pub->modulus;
      gettimeofday(&before, NULL);
      while (1){
            j = modulus/i;
            if (j * i == modulus){
                  break;
            }
            i--;
      }
      gettimeofday(&after, NULL);
      timersub(&after, &before, &difference);
      printf("Time elapsed: %ld.%06lds\n", (long int)difference.tv_sec, (long int)difference.tv_usec);
      printf("p: %llu q: %llu\n", j, i);
      printf("calculated modulus: %llx\n", j*i);
      printf("modulus was: %llx\n", pub->modulus);
      return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant