The attack is *relatively* easier. It is not easy. It is much harder to crack
RSA than to find a matching hash. Cracking a 2048-bit RSA key probably
requires on the order of 2^1024 trials, and that will take you something like
forever. Cracking the hash requires only something on the order of
On the other hand, cracking SSAS is *much* easier than cracking RSA, or even
cracking CGA.
SSAS builds the 64-bit identifier as follows:
* Pick a random 16-bit number;
* Use that number as an index in the bit array representing the public
key;
* Extract the 48 bits
Thanks again for your response. I have some questions:
- Choosing a random part of the public key does not help to
increase the probability of matching the public key to the IID?
If I am to improve this section and by saying we need to generate two
one-byte random numbers such that the
I don't think the index helps much. I suspect that SSAS could be broken in
minutes if someone did a parallel implementation on a GPU. Maybe seconds.
Frankly, I believe that you have fallen in the trap of inventing your own
crypto. Most of these inventions turn out to have flaws, and won't pass
In your previous mail you wrote:
I don't think the index helps much. I suspect that SSAS could be broken in
minutes if someone did a parallel implementation on a GPU. Maybe seconds.
= you pick 2 primes for a standard RSA public key. You fix one and
you divide the modulus to get an idea of
Thanks Christian,
Here is what I propose. I have an implementation of SSAS and I will try to
break it to see how long it will take. (I will also share the code with
others so that more people can try to break it.) Based on the mathematical
calculations (of finding the expected value) the
Santosh, I suppose we have to use more than 2048 bits for RSA then... But
that's not really the point of the debate.
CGA is an algorithm specified for IPv6 secure neighbor discovery and is
specified in RFC 3972. CGA works by associating an IPv6 address with a public
key. The public key is