The Weakest Link in Many Cryptosystems - Part 2 of 2

The Weakest Link in Many Cryptosystems - Part 2 of 2

RSA, a short recap

In a public key scheme, and for the sake of simplicity, assume a public scheme based on encryption-decryption (as opposed to e.g. DSA, the Digital Signature Algorithm, where the digital signature generated by the secret key is verified to satisfy a mathematic equation using the corresponding public key), you have two mathematical functions, called keys, the secret key S and the public key P and one is the inverse of the other, e.g. on a message m, P(S(m)) = S(P(m)) = m. RSA is the only widely used public key encryption scheme, constructed as follows: Generate two primes p and q of a fixed bit length, say 512 bits using a sufficiently random input. Denote the product by n, also known as the modulus. Now chose an appropriate so-called public exponent e. It must be prime to p - 1 and q - 1 (and there is no point in choosing it larger than φ(n) := (p - 1)(q - 1), as always, mφ(n) = 1 mod n - see below). There are computation advantages in choosing e small, such as 3, 17 or 65537 = 216 + 1, also known as the 4th Fermat prime. By running an extended version of Euclid's algorithm, which normal outputs the smallest common divisor of two numbers a and b, you can relatively easily find a number d such that for some number a, e∙d -a∙φ(n) = 1 modn. In the following, we just write ab rather than a∙b.

The Weakest Link in Many Cryptosystems – Part 1 of 2

The Weakest Link in Many Cryptosystems – Part 1 of 2

Introduction

It is well-known and appreciated by most users - even if often ignored(!) - that if you choose a weak password, you are exposing yourself to various risks. Whether your password is used for encryption of confidential data or just for access control doesn't really matter, so let's assume for a minute that it is actually used to encrypt your data - or perhaps to encrypt a key that is used to encrypt your data. The situation you are in is that