Cracking a Software License Scheme

In his latest blog post, Andy Sloane issued a challenge to create a key-generator for his bespoke software licensing scheme.

Looking through his code, I quickly found that he was using RSA, and that valid keys decrypted to 12345678 under a hardcoded RSA public key.

In my response on the Reddit discussion, I explained that creating a keygen was as simple as adding a multiple of his public-key modulus n to an existing key. Others quickly pointed out that it was trivial to factor n because it was not sufficiently large.

This is a great example of why creating secure systems is so hard: implementation mistakes are easy to make, and undermine the security of even the best cryptosystems.
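The two mistakes described above, shown from the verifier's side as an added example (not code from the original post or from the challenge): a check that only compares the RSA result accepts any key congruent to a valid one modulo n, while a check that also requires the key to lie in [0, n) does not. The primes, exponent, function names and the 2048-bit threshold are assumptions chosen for illustration; only the magic value 12345678 comes from the post.

```python
# Constructed toy parameters (NOT the values from the challenge): two Mersenne
# primes give a modulus far too small for real use but easy to follow.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public modulus n
E = 65537                            # public exponent (assumed)
D = pow(E, -1, (P - 1) * (Q - 1))    # vendor-side private exponent
MAGIC = 12345678                     # value a valid key must decrypt to (from the post)


def issue_key():
    """Vendor side: the canonical key, MAGIC^D mod N."""
    return pow(MAGIC, D, N)


def verify_weak(key):
    """Check modelled on the post's description: only the RSA result is compared."""
    return pow(key, E, N) == MAGIC


def verify_strict(key):
    """Hardened check: the key must also be the canonical residue in [0, N)."""
    return 0 <= key < N and pow(key, E, N) == MAGIC


def modulus_large_enough(n, min_bits=2048):
    """Assumed policy threshold; a short modulus can simply be factored."""
    return n.bit_length() >= min_bits


if __name__ == "__main__":
    key = issue_key()
    # (k + m*N)^E mod N == k^E mod N, so every shifted key passes the weak check.
    for k in (key, key + N, key + 5 * N):
        print(k, "weak:", verify_weak(k), "strict:", verify_strict(k))
    print("modulus bits:", N.bit_length(), "large enough:", modulus_large_enough(N))
```

The range check only closes the "add a multiple of n" hole; it does nothing against factoring, which is why the modulus size is checked separately.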
