
How RSA Works: TLS Foundations - rmdoss
https://fly.io/articles/how-rsa-works-tls-foundations/?twitter
======
mabbo
I find the description of the RSA math pretty confusing. And I'm saying that
with a minor in math and a CS degree specializing in security; I've done this
before, just not in a while.

For example:

>In order to generate e, we'll need to find a random prime number that has a
greatest common divisor (GCD) of 1 in relation to ϕ(n).

How can a prime number have any divisor that isn't 1, let alone a gcd? Either
that's mistaken, or it's unnecessary to state.

There's also no explanation of what purpose the totient value is. The author
simply states it's needed, but not what value it provides.

In short, it feels like it's written for people who already know the answers,
not for people trying to learn.

~~~
baby
> How can a prime number have any divisor that isn't 1

What they mean by "gcd of 1 in relation to" is what we call "coprime".

5 and 3 are coprime because nothing but 1 divides both at the same time.

> what purpose the totient value is

It allows you to compute the private key out of the public key (only possible
if the totient is coprime with the public key).

~~~
mabbo
Yes, but why? Just saying "here's the algorithm" doesn't really explain why it
works.
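A worked example of the "why", added here (it is not code from the fly.io article or from anyone in this thread): with constructed toy primes p = 61 and q = 53, ϕ(n) = 3120, the candidate e = 3 is prime yet shares a factor with ϕ(n), so the extended Euclidean algorithm finds no modular inverse and no private exponent d exists; e = 17 is coprime to ϕ(n), d = e⁻¹ mod ϕ(n) exists, and that inverse is what makes decryption undo encryption. This is textbook RSA with no padding, so it illustrates the math only.

```python
from math import gcd

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def totient_of_semiprime(p: int, q: int) -> int:
    """phi(n) for n = p*q with p and q distinct primes."""
    return (p - 1) * (q - 1)

def private_exponent(e: int, phi: int):
    """d with e*d == 1 (mod phi). Bezout gives e*x + phi*y == gcd(e, phi);
    that x is a modular inverse only when the gcd is 1, so a prime e that
    happens to divide phi(n) yields no private key at all."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        return None
    return x % phi

def choose_e(phi: int, candidates=(3, 5, 17, 257, 65537)) -> int:
    """First candidate coprime to phi(n); primality of e alone is not enough."""
    for e in candidates:
        if gcd(e, phi) == 1:
            return e
    raise ValueError("no candidate is coprime to phi(n)")

def keygen(p: int, q: int):
    n, phi = p * q, totient_of_semiprime(p, q)
    e = choose_e(phi)
    return (n, e), (n, private_exponent(e, phi))

def encrypt(m: int, pub) -> int:
    n, e = pub
    return pow(m, e, n)

def decrypt(c: int, priv) -> int:
    n, d = priv
    return pow(c, d, n)

if __name__ == "__main__":
    # Constructed toy primes; real keys use ~1024-bit primes plus a padding mode.
    pub, priv = keygen(61, 53)   # n = 3233, phi = 3120, e = 17, d = 2753
    print("e=3 has an inverse mod 3120?", private_exponent(3, 3120))  # None
    c = encrypt(65, pub)
    print(pub, priv, c, decrypt(c, priv))
```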

------
hannob
A better title would be "How RSA does not work".

I'm a bit annoyed by many of these crypto introductions that explain textbook
RSA, which is not something anyone uses in a real world application. It is
crucial for RSA to use a padding mode and that's where all the fun comes in
and what decides about how secure the thing you're building is.

------
AngeloAnolin
Noticed that this page worked on Chrome, but not on FF.

On FF (57.0.2) Windows 7, the message is as below:

Error 1010 Ray ID: 3cc3b2b85d0b9300 • 2017-12-12 21:15:17 UTC Access denied
What happened?

The owner of this website (fly-io.ghost.io) has banned your access based on
your browser's signature (3cc3b2b85d0b9300-ua48).

Not sure if the author or website owner had a beef with FF.

~~~
mrkurt
This is CloudFlare helpfully preventing you from DDOSing Ghost. We're working
on bypassing CF for our ghost stuff, sorry about that.

~~~
judge2020
If you have extra page rules, the "disable security" tick on
`https://fly.io/articles/*` may stop this kind of protection.

~~~
mrkurt
It's not actually our CloudFlare site, unfortunately, we're proxying Ghost Pro
through our service (so we can serve `/articles/` on the same hostname).

------
kss238
Can someone explain this section some more

>Considering that we need a distinct key for each individual, that exchanging
keys with each person would be a significant computational burden, and that
there are more cryptographic functions needed than simply exchanging keys, new
methods arose.

Isn't this exactly what RSA does, exchanging a private symmetric key with
asymmetric crypto? The next paragraph makes it seem like RSA does something
different.

~~~
goodroot
Most excellent question, kss238. The next part in the series, which breaks
apart the different parts of a TLS ciphersuite, was just published:
[http://fly.io/articles/how-ciphersuites-work/](http://fly.io/articles/how-ciphersuites-work/)

It should answer your question, in similar spirits to that of this article.
Thank you for reading and I wish you well.

~~~
bogomipz
What is the rest of the context of the Golang code snippet in that link?

~~~
matahwoosh
It's most likely to be Fly-specific, but you could replicate this behavior
by passing an appropriate function to tls.Config#GetCertificate
([https://golang.org/pkg/crypto/tls/#Config](https://golang.org/pkg/crypto/tls/#Config)).
You could then have something like this:

    // GetCertificate is one field of a *tls.Config. myGetCertificateImplementation
    // and checkClientSupportForECDSA are placeholders for your own code, not stdlib.
    cfg := &tls.Config{
        GetCertificate: func(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
            // helloInfo exposes CipherSuites, SupportedCurves and SignatureSchemes
            return myGetCertificateImplementation(checkClientSupportForECDSA(helloInfo))
        },
    }

You would see what curves/ciphersuites are supported by the client and check
that against what you'd be supporting (if you use LE then that's more than
likely going to be ECDSA with P-256). You would then return an ECDSA cert (if
one exists) for supporting clients and fall back to RSA certs. :boom: :D

~~~
bogomipz
Thanks, cheers.

------
sethgecko
I just made a quick Python implementation (3.6+ only as it uses the secrets
module)

[https://github.com/mcdallas/rsa](https://github.com/mcdallas/rsa)

~~~
lou1306
Nice! I also did something similar during my basic crypto course.

I'll just show my implementation of Wiener's attack, which shows that RSA can
be super weak if you don't choose your private key with a grain of salt.

[https://gist.github.com/lou1306/df1bfa60e247b4084149139a97da...](https://gist.github.com/lou1306/df1bfa60e247b4084149139a97dab761)

------
orliesaurus
Interesting, these folks at fly.io sure put out a lot of content!

