I would like to ask the forum what they think about this new method for data security.

**Introduction**

**Context:** Semiprimes, which are the product of two
prime numbers, are still an important building block in cryptography
as their factorization remains one of the unsolved problems in
mathematics. Currently, algorithms such as the Elliptic Curve Method
(ECM) and the Number Field Sieve (NFS) are used. The ECM is a
probabilistic factorization algorithm devised by H.W. Lenstra Jr. in
1985, while the NFS is based on finding relations between "smooth"
numbers (with few prime factors) in a number field. Of course, even
these algorithms are helpless against large semiprimes, and their
factorization capability decreases as the semiprime becomes larger.

**Objective:** To create a cryptosystem using very
large prime factors to address the challenge of quantum computers.

**How the Algorithm Works**

I want to talk about a new factorization system that I have named GC57, which can factor semiprimes 2, 3, and 4 times larger than the current semiprimes that are considered secure today, namely 13000-bit semiprimes. This factorization system exploits a particular property, namely the property of integers, or the property of the remainder. The integer of the number obtained through the Euclidean greatest common divisor is always a prime factor of the semiprime. This is true up to a certain field that can range from 2^25 to beyond 2^500. Let me explain:

Key

Field = 2^500

Prime factor p = x + (>1 < 2^500) any prime within the field of 2^500

Prime factor q = y + (>1 < 2^500) any prime within the field of 2^500

Semiprime n = pq

The GC57 algorithm can factor any semiprime that is the product of p and q within this field at ZERO time.

**How the Encryption
Program Works**

**1. Creation of the Semiprime Database**

This operation is important to maintain zero-time factorization because finding two prime factors of size 6000 bits and beyond would keep the system busy for a few minutes, slowing down the program. This database is stored on the computer and made available to the program, which will load one at random from those stored. Furthermore, this practice facilitates the diversification of the semiprimes used, for example, by keeping multiple semiprimes of different sizes. The program will then distinguish which key to retrieve to factor the selected semiprime.

**2. The Key**

The key, or keys, if we use multiple semiprime sizes, are stored on a USB key that must also be in the possession of the person receiving the messages. This also has another advantage, namely, if the sender of the messages has all the keys while the receiver has only some of the keys, these messages can only be decrypted by the person with the right key. Furthermore, it becomes very convenient when using only a shared folder, or a shared cloud, because each message is identified by how it was created, namely by what type of semiprime it was created from.

**3. Encryption**

When a message is created, the program loads a semiprime, as described above, and factors it at zero time. From the prime factor of this semiprime, it extracts the digital fingerprint (SHA 256) and passes it to the AES 256 encoding which will create the encryption key to encrypt the message. The encrypted message will then be saved in the shared folder, or on the shared cloud, with the text, the encrypted digital fingerprint and the semiprime inside.

**4. Decryption**

The message is loaded by the person to whom it is addressed and, using the same key used in the encryption phase, also stored on a USB key, the semiprime is extracted and factored at zero time, which is then passed to the SHA to retrieve the digital fingerprint with which AES will decrypt the message. The message will then be printed on the private printer, preferably connected by cable, and then deleted from the shared folder or cloud.

**Comparison with RSA**

**Speed:** RSA is relatively slow compared to
symmetric encryption algorithms. For this reason, it is generally
only used to exchange symmetric keys and to digitally sign documents,
not for encrypting large amounts of data. GC57 is very fast both in
zero-time factoring and in encoding large data with SHA and AES
algorithms.

• **Security**: RSA bases its security on the difficulty of
factorizing large semiprimes.

The GC57 also relies on this difficulty but adopts a system that allows it to factorize semiprimes much larger than RSA.

thank you

]]>

A lot of them are dealing with weak ciphers.

Obviously, you want to get away from SSL certs all together.

Please share how you are fixing them, if you want to.

Thoughts and comments are welcome!

Cheers & Hi5!]]>

]]>

Our developers are working on a solution to allow outside business partners to make api calls into our ERP system. They plan to use mutual authentication using certificates. I have an internal PKI system (ADCS), so my thought is issue certificates from our internal PKI, as opposed to using a 3rd party CA.

The developers seem to think the best solution is to use 1 client certificate for ALL of the business partners. This does not make sense to me, at all. I'm suggesting each business partner would get their own certificate.

Also, they seem to think we will distribute this certificate to the business partner. I don't like this either. Why would you distribute a certificate with the private key? I would think, have the business partner generate the CSR, I'll supply that to our internal PKI and issue them the certificate.

Am I way off? Am I being paranoid? I'm not a developer, this is outside my comfort zone.]]>

Can anyone please give me a simple definition of WHAT PKI is? Not only as what it does, but what it IS.

I mean from what I gathered here is that PKI is a group of protocols, policies, software and even people who are needed for creation and management of certificates right? And it involves Certificate Authority...

Any more clarifying definition will be appreciated!

Thanks in advance! ]]>

Any help with this question would be appreciated.]]>

I'm glad I watched it, it helped me out a lot.]]>

PKI - User JohnDoe Public Key: A10 Private Key: A1010

User SmithySmith Public Key: A20 Private Key: A2020

According to most PKI conceptual material I've read, user JohnDoe would encrypt a message going to SmithySmith with SmithySmith's PUBLIC KEY. When SmithySmith receives this message, he will then DECRYPT it with his mathematically-similar Private Key.

How in the hell do you decrypt a message with a key it was not encrypted with. I understand it is mathematically similiar, but if the decryption algorithm compensated for this, then wouldnt the whole encyption process just be bunk, as the encyption scheme is known?]]>

As far as advice, we are in the process or multiple projects over the next few years, with the possiblilities of alot of Certificate usage (RMS, NAP, IPsec server isolation, Direct Access, Wired and Wireless 802.1x, networking team wants TLS if possible for Wireless, SCCM with external distribution point, sharepoint extranet for collaboration with other orgs, and i am sure there is more comming...)

I would like to see if anyone has a book, resource, cbt, something indepth on a scalable PKI for internal and external use, and options of different implementations.... I need to have a bit more information than i am finding to backup my thoughts and business analysis on how to build this infrustructure for our organization. Even some resources that show just external or internal choices to be made would help....

I have some time becuase i have tasked the security team to develop the Certificate policy and that will give me guidelines that they see as well as whatever i come up with

Any HELP would be great, i know there are some very intelligent people on these forums... that might be able to give a guy a point in the right direction..

thanks]]>

for example my books cover that PGP uses its own decentralized type of digital certificates using an RSA based PKI method with two keys.

Which protocols and what encryption methods do they use do i need to know for the test?]]>

This question concerns the role of certificate authorities. How I understand PKI thusfar is that it's simply the use of asymmetric cryptography to protect data. I hope that much I have right.

Next, I've been looking for info on what exactly CAs do. What is their role in all of this? In other words, would it be possible to have PKI without a certificate authority and have each keep and issue their own public/private key pair?

If anyone is confused I can clarify this.]]>

I have worked with encryption and hashing but need to get a grip on it better.

where do i look (books sites?) and what certs?

Tunneling protocols like PPTP and L2TP are vpn encryption protocols right

and then the data is hashed with SHA1, SHA2 and or MD5 respectively?

seems to me data is tunneled and the tunnel is encrypted? and the data is hashed and sealed? is this the common mode of operation?

Just like SSL/HTTPS tunnel you could say and then you have PKI certs used to hash the data?

and say ssh tunnel and the say a proctol like rdp/ssh or vnc/ssh tunnel are these all the same? similar

and then you have IPSEC? how does that work? same way like an ipsec tunnel?

do yuo guys know of any good books or cbts to put this all together?

thanks]]>