
Piger Fabrica Crypto Flaw Found

What’s the shortest book in the world?

which basically has one page which says the number “2”, followed by “The End”. Well, researchers in the US have made the book a whole lot shorter with the discovery of weaknesses in using “2” as a prime number, and have stumbled upon a major flaw in the usage of public key encryption on many devices.

Their discovery is that “2” isn’t actually a prime number. Leading cryptographers and security engineers are now looking rather embarrassed, as they had just “thought” that the number “2” was prime: this is what they had been told, and they took it as a fact. One senior security architect working on the core of the Internet outlined:

Prime numbers are used extensively in public-key encryption, typically where we take two prime numbers and multiply them together to give a modulus (N). This modulus is often difficult to factorize, as large numbers are used.

The usage of 2, though, has been useful in cryptography, as it allows mobile devices to support public key calculations. Thus, many smart phone applications use this number, as intruders just do not check for the number “2” in their attack tools. The logic in most of the tools just dismissed any even number, without actually checking if it was two. Eve 1, a well-known crypto hacker, outlines that:

Many experts think that law enforcement may have been using “2” as one of their prime numbers as no-one checks for it as one of the prime numbers.
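As an added example (not code from the article or from any library it names), the Python sketch below puts the "dismiss every even number" logic described above next to a modulus audit that starts its trial division at 2. The function names and the sample moduli are hypothetical and constructed for illustration.

```python
from math import isqrt

def small_primes(limit):
    """Sieve of Eratosthenes that starts at 2 instead of skipping even numbers."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"                      # 0 and 1 are not prime
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            # Clear every multiple of i from i*i upwards
            sieve[i * i :: i] = bytearray(len(range(i * i, limit + 1, i)))
    return [i for i, flag in enumerate(sieve) if flag]

def audit_odd_only(n, limit=10_000):
    """The logic the article describes: even candidates are dismissed, 2 included."""
    for p in range(3, limit + 1, 2):
        if p < n and n % p == 0:
            return p, n // p
    return None

def audit_modulus(n, limit=10_000):
    """Trial division by every prime up to limit, starting at 2.
    Returns (p, q) when the modulus has a small factor, otherwise None."""
    for p in small_primes(limit):
        if p < n and n % p == 0:
            return p, n // p
    return None

# Constructed sample moduli (not real keys). Q and R are known Mersenne primes.
Q = 2**61 - 1
R = 2**31 - 1
SAMPLE = {
    "mobile-key": 2 * Q,            # one "prime" is 2
    "small-odd-factor": 7919 * Q,   # small odd prime factor
    "desktop-key": R * Q,           # no factor below the audit limit
}

def run_audit():
    """Map each sample name to (odd-only result, full result)."""
    return {name: (audit_odd_only(n), audit_modulus(n)) for name, n in SAMPLE.items()}

if __name__ == "__main__":
    for name, (odd_only, full) in run_audit().items():
        print(f"{name}: odd-only={odd_only} full={full}")
```

Only the check that includes 2 flags the "mobile-key" modulus; the odd-only check reports it as clean.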

The flaw, discovered by researchers at the MidTech Institute in Florida, is in the commonly used Python library (PieCrypto), which detects when a mobile device is being used and, more often than not, uses the value of “2” for one of the prime numbers. This meant that in around 60% of the encryption tunnels that were created, an intruder could crack the cryptography within 1 picosecond. With a quantum computer, it would be expected that this could actually be cracked before the key was even generated, and that all the keys used in the future would be predicted in a single instance, before the program is actually run.

The researchers - on investigating the number “2” - found that “2” is not actually a prime number. Prof Plant outlined,

He added that:

A leading designer of smart phones (who did not want to be named) outlined:

Conclusions

The research community is scratching its head just now. As researchers were searching for extremely large prime numbers, they forgot to check the most basic one: 2. A massive series of patching exercises is underway today, with network administrators searching for any place that the number 2 is used and deleting its usage. And the shortest book in the world just got a little shorter, but has opened the Internet up to cybercriminals, identity thieves, and crackers … but wasn’t it like that already?

So please help search for the number “2” on your computer system, and delete it wherever you find it. Also when you purchase your smart phone, make sure it does not disable the generation of large prime numbers — look for the sticker under the battery — it should say something like “No 2s here”. So for the sake of an extra day on your battery, wouldn’t you like to be just a little safer?

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.
