Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> At first I decided to hack RSA algorithm, I did too much investigation on SSL protocol, tried to find an algorithm for factoring integer, analyzed existing algorithms, for now I was not able to do so, at least not yet, but I know it's not impossible and I'll prove it

Huh. He kind of lost all credibility at that point. Breaking RSA isn't something you just decide to do. I'll wait for the day when he announces he's broken it.



Hasn't everyone woken up some day and said "hey, I'm gonna break RSA today"? I guess that only happens when you have the experience of 1000 hackers...


You'd think someone with the experience of 1,000 project managers would at least have said "this week." Just for some "uh oh" room...


Or the polynomials of 1,000 numeric field sieves.


pfft call me when it's over 9000.


LOL. Does this guy think he's really going to scare us with lines that could've come from a Michael Bay movie??


Aren't they just naively translated idioms which don't sound quite so hackneyed in Farsi? Dunno, just guessing.


The math in these algorithms is not the vulnerable part of the process. It is almost always the implementation or the implementers that are exploited.


I came here to post exactly that.

After reading him state how astonishing his skills are and how he'll tackle the integer factorization problem, I thought to myself, "he must be a 20 years old university student." Then he states his age.


Yes, the posturing did not lend credibility to his statements. Besides that, it seems vaguely plausible.


I highly doubt that he will be able to do so either.

However, that does not reflect on whether or not he is the one that is behind the attack on Comodo, which has no real indications of being difficult.

Comodo claims that it must have been an organized, planned out attack because they knew which domains to get certificates for. That does not explain why 3 were generated for one domain and one for 'global trustee'. Nor does it take a genius to figure out a set of domains you would want certificates for depending on what you are planning to do (in this case, it seems like attacking large webmail providers).


> I'll wait for the day when he announces he's broken it.

And so will a massive part of the Computer Science/Mathematics/Physics community. Answering the P vs NP question is kind of a big deal. :D


No. Integer factorization is not NP-hard (so not NP-complete). (This isn't proven, but it's generally thought to be the case.) So, while doing a polynomial-time integer factorization would be hugely significant (and make all asymmetric encryption in the world useless), it would not prove P=NP.


> So, while doing a polynomial-time integer factorization would be hugely significant (and make all asymmetric encryption in the world useless)

This is wrong in two ways.

First, a polynomial-time algorithm could still be too slow to be practical, either because the degree of the polynomial were high or because the constant factor or asymptotically disappearing overhead were high.

Second, discrete-logarithm-based cryptography does not depend on the difficulty of integer factorization. That includes Diffie-Hellman, ElGamal, DSA, SRP, and elliptic-curve methods.

You're right that integer factorization is not known to be NP-hard, and so a polynomial-time integer factorization algorithm wouldn't show P=NP.


You're right, that statement was rather too broad. Thank you for the correction.


I don't want to turn this into a complexity theory discussion thread but isn't it an NP problem? And does proving that it can be solved in polynomial time mean P == NP (and vice versa)?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: