Chapter 24 – Public Key Cryptography and the RSA Cipher 381The particular public key cipher that we will implement is called the RSA cipher, which was
invented in 1977 and named after its inventors: Ron Rivest, Adi Shamir and Leonard Adleman.
The Dangers of “Textbook” RSA
While we don’t write a hacking program for the RSA cipher program in this book, don’t make the
mistake of thinking the rsaCipher.py program featured in this chapter is secure. Getting
cryptography right is very hard and requires a lot of experience to know if a cipher (and a
program that implements it) is truly secure.
The RSA program in this chapter is known as textbook RSA because, while it does implement
the RSA algorithm correctly using large prime numbers, there are several subtle faults with it that
can lead to its encrypted messages being hacked. The difference between pseudorandom and truly
random number generation functions is one such fault. But there are many others.
So while you might not be able to hack the ciphertext created by rsaCipher.py, don’t think that no
one else can. The highly accomplished cryptographer Bruce Schneier once said, “Anyone, from
the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t
break. It’s not even hard. What is hard is creating an algorithm that no one else can break, even
after years of analysis. And the only way to prove that is to subject the algorithm to years of
analysis by the best cryptographers around.”
The program in this book is a fun example, but stick to professional encryption software to secure
your files. You can find a list of (usually free) encryption software here:
http://invpy.com/realcrypto.
A Note About Authentication
There is a slight problem with public key ciphers. Imagine you got an email that said this:
“Hello. I am Emmanuel Goldstein, leader of the resistance. I would
like to communicate secretly with you about very important matters.
Attached is my public key.”Using the public key, you can be sure that the messages you send cannot be read by anyone other
than “Emmanuel Goldstein”. But how do you know the person who sent you this is actually
Emmanuel Goldstein? Maybe it is Emmanuel Goldstein that you are sending encrypted messages
to, or maybe it is a spy agency that is pretending to be Emmanuel Goldstein to lure you into a
trap.