Hacker News new | ask | show | jobs
by mehrdadn 2485 days ago
Understanding enough to exploit is not what I meant. I meant understanding enough to know how to secure it. Like how understanding how to design a secure RNG is a heck of a lot harder than knowing how to exploit an insecure one.

> enough to set up a lattice basis and reduce it with LLL

This gets across my point perfectly well. I rest my case.
1 comments
tptacek 2485 days ago
Can you un-rest it for a second and tell me what you mean by that? For our purposes, a lattice is just a specialization of a vector space, and LLL is (1) not a whole lot harder to grok than Graham-Schmidt and (2) available in every serious library and in Sage, which is how people generally do this. If you have zero linear algebra, this sounds forbidding, but the fundamentals you need before tackling lattices and LLL are like, 1st semester linear algebra, and you can self-study your way to it.

Sean Devlin has talked a bunch of people through actually writing these attacks in cryptopals set 8. We talked English professors through the "number-theoretic" attacks on RSA in cryptopals set 6. It's fine if you don't want to dip into this stuff, but I'm not OK with the pretense that this intuition is somehow unattainable.

We need more people playing with these attacks, and fewer people trying to assemble new cryptosystems out of libraries they understand only from the documentation on the web page.

link
some_furry 2485 days ago
Hell, I'm teaching digital artists (the sorts of people whose most technical experience distills to "install tablet drivers so I can work with Photoshop") how to do work through the set, and live-streaming the whole experience on Twitch.

If I can teach random furries how to break RSA, I think it's safe to say that anyone determined can gain the necessary intuition.

link
tptacek 2485 days ago
Your Twitch stream intrigues me and I wish to subscribe to your newsletter.
link
some_furry 2485 days ago
https://twitch.tv/soatok

I had to take a hiatus for a few weeks but I'm going to be working through the Cryptopals sets in the coming weeks, starting tomorrow.

link
sdevlin 2485 days ago
> We talked English professors through the "number-theoretic" attacks on RSA in cryptopals set 6.

The English professor finished set 8 as well!

link