Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago

Schneier on Security

Security / Schneier on Security 832 Views 0

Earlier this month, I made fun of a company called Crown Sterling, for...for...for being a company that deserves being made fun of.

This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. They did. This keylength is so small it has never been considered secure. It was too small to be part of the RSA Factoring Challenge when it was introduced in 1991. In 1977, when Ron Rivest, Adi Shamir, and Len Adelman first described RSA, they included a challenge with a 426-bit key. (It was factored in 1994.)

The press release goes on: "Crown Sterling also announced the consistent decryption of 512-bit asymmetric public key in as little as five hours also using standard computing." They didn't demonstrate it, but if they're right they've matched a factoring record set in 1999. Five hours is significantly less than the 5.2 months it took in 1999, but slower than would be expected if Crown Sterling just used the 1999 techniques with modern CPUs and networks.

Is anyone taking this company seriously anymore? I honestly wouldn't be surprised if this was a hoax press release. It's not currently on the company's website. (And, if it is a hoax, I apologize to Crown Sterling. I'll post a retraction as soon as I hear from you.)

EDITED TO ADD: First, the press release is real. And second, I forgot to include the quote from CEO Robert Grant: "Today's decryptions demonstrate the vulnerabilities associated with the current encryption paradigm. We have clearly demonstrated the problem which also extends to larger keys."

People, this isn't hard. Find an RSA Factoring Challenge number that hasn't been factored yet and factor it. Once you do, the entire world will take you seriously. Until you do, no one will. And, bonus, you won't have to reveal your super-secret world-destabilizing cryptanalytic techniques.

EDITED TO ADD (9/21): Others are laughing at this, too.

EDITED TO ADD (9/24): More commentary.

Comments