Monday, February 1, 2016

ASCII Strings within the Largest Known Prime Number


Someone on the Youtube Numberphile Channel was wondering if after converting the Largest Prime Number  to base 26 (see previous post) would there be any interesting ASCII strings within the Number.

I think I have created a Unix Function that will do the conversion.

( echo "obase=16;"; echo "obase=26; 2^74207281-1" | bc | tr -d '\n' | tr -d '\\' | sed 's/ /;65+/g' ) | bc | xxd -r -p

This will take a while (maybe several hours, or days), but if I find something interesting, I will report the results.


-- Home Page: https://WA0UWH.blogspot.com

Friday, January 22, 2016

The New Largest Prime Number Found

UPDATED:
Added Details and Links

Recently (Jan 7. 2016) the next and Largest Prime Number has be found (so far), it has about 22 Million Digits long, See, YouTube at: https://goo.gl/C7ngE7.

The number can be expressed as a small-simple math function, that is: "2^74207281-1"

The previous Large Prime Number (17 Million Digits) was found about 3 years ago on Jan 25, 2013, see: http://goo.gl/UbAWK0

Hopefully, and if history hold true, we will see the next Largest Prime sometime within the next 3 to 5 years.

Just for fun, I decided to see how long it would take my 3.4GHz Workstation to perform the calculation and print the full 22 Million Digits to the screen - it took about 154 minutes - it was like watching paint dry.  :-)

Note: To verify that it "is actually prime" would probably take several months (or more actually several years) on my computer.

Here is the linux command that I used to print this New Prime, and a few of the Beginning and Ending Digits of the results:



$ time echo "2^74207281-1" | bc
30037641808460618205298609835916605005687586303030148484394169334554
77232190679942968936553007726883204482148823994267278352907009048364
32218015348199652241372287684310213386284573666361506667532122772859
35986405778025687564779586583214205117110963584426293657265038724071

.
 .  ( 22 Million More Digits )
  .

74801792765597096176486305356033886997788467889060830923906229428002
87770846681535011427622921221836904045477963931367013401448014940470
41169663347456468851607177740147629124621136468794258014451073931002
12927181629335931494239018213879217671164956287190498687010073391086
436351

real 153m50.931s
user 92m34.588s
sys 0m13.496s



Note: To capture the number on the screen, a large display buffer of more than 22 Meg Bytes (of RAM) was necessary.

I need to check with YouTube and/or Numberphile to see if my calculated number is correct  :-)

My computer is current checking four large numbers to see if they are Prime, this consumes about 100% of the Quad Core CPU, but it runs at a very low priority so it does not effect my use of the computer. Each is expected to finish at different times, Below shows the number being tested, and number of days until I should have the results:
As you may have expected, . . . I am a fan of Very Large Numbers !

-- Home Page: https://WA0UWH.blogspot.com

Thursday, January 21, 2016

Simple Complexity - By Proxy

UPDATED:
Added Details and Links

For sometime I have struggled with how to allow public access to my home web servers and Esp8266 modules without opening up my network to abuse. In the past I have managed public access via my Router, by changing its configuration of Port Forwarding and NAT.  This works, but it is a pain to manage and generally requiring a re-boot of the network for each change.

Recently, I have discovered (actually re-discovered) that an Apache2 Web Proxy Server is much easier to manage, but it has a bit of a steep learning curve, with a lot of manual pages to read. One key concept is that Apache2 ReWriteRules are a super-set of the functionality of ProxyPass, each have their own documentation web pages.

After building the Required Config files

Now, on my Router I allow only Ports: http 80, 8040, 8160, and a private ssh port for access from the Internet. Ports 8040, and 8160 are still open for historical reasons, that is, they are used for my published Web Pages at: http://www.WA0UWH.com:8040, and my Esp8266 Server Farm devices.

The Apache2 Web Server supports: Virtual Host Names with Proxy Redirects, ReWriteRules, and ProxPass. By setting up "*.wa0uwh.com" as a CNAME (an aliases) to "www.wa0uwh.com" at my DNS Provider, I can use any "device name" I would like in the config files to initiate a proxy process. For example: I can now use and publish "http://node129.wa0uwh.com" for one of my Esp8266 Web Server modules. The actual connection details and security are all hidden behind the proxy curtains.

The normal web page port 80 is setup with a default virtual host page of; "Error 404", only configured virtual hosts and named devices are let through the proxy.

Note: The service and/or host that is selected is a combination of both Port Number and Host Name (or alias). For an incoming connection, the file is scanned from top to bottom, only the first match is used to select the service.

The following are excerpts from my Apache2 Default Virtual Host configuration file.


ServerName default.wa0uwh.com
LogLevel alert rewrite:trace1

<VirtualHost *:80>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/DEFAULT/Public

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# End



The following are excerpts from my Apache2 Named Virtual Host configuration file.


## Main Web Pages

## Loft Raspberry PI
<VirtualHost *:8040 *:80 >

    ServerName  rp21.wa0uwh.com
        RewriteEngine on
        ServerSignature Off
        RewriteRule /(.*)$      http://192.168.___.___/$1 [P,L]

</VirtualHost

## Loft Raspberry PI
<VirtualHost *:8040 *:80 >

    ServerName  rp22.wa0uwh.com
        RewriteEngine on
        ServerSignature Off
        RewriteRule /(.*)$      http://192.168.___.___/$1 [P,L]

</VirtualHost>

# Esp8266 Node on Published Port 8160
<VirtualHost *:8160 >

    ServerName  node.wa0uwh.com
    ServerAlias node*.wa0uwh.*
    ServerAlias localhost
        RewriteEngine on
        RewriteRule /(.*)$    http://192.168.___.___/$1 [P,L]

</VirtualHost>

## Loft Esp8266 Nodes
<VirtualHost *:8040 *:80 >

    ServerName  node.wa0uwh.com
    ServerAlias node*.wa0uwh.com
        RewriteEngine on
        ServerSignature Off
        RewriteCond %{HTTP_HOST} ^node(129|162|164|168|169|170|172)\.wa0uwh\.com [NC]
        RewriteRule /(.*)$      http://192.168.___.%1/$1 [P,L]
        RewriteRule /(.*)$ -  [R=404,L]

</VirtualHost>


## Loft WA0UWH Web Server
<VirtualHost *:8040 *:80>

    ServerName www.wa0uwh.com
    ServerAlias *.wa0uwh.com
    ServerAlias localhost 192.168.__.__ 
        DocumentRoot    /var/www/WA0UWH/Public
        Alias /gallery  /var/www/WA0UWH/Public/Gallery

</VirtualHost>

# End



Note, the above is just an excerpt from my Apache2 Virtual Host config file. For security reasons, the details; actual IPA's (___), BlackListing, Hacker Traps, Web Abuse Traps, and HoneyPots, are NOT included . Google is your friend for suggested configurations.

Now, with simple edits of the Apache2 Virtual Host config file, I can turn ON or OFF, devices and/or services as desired, while leaving only the http and ssh ports open for public access at the router.

Also note: each of my Raspberry PI Web Servers also have similar Apache2 Virtual Host config files, that is: Proxies are serving Proxies, and most often the actual destination is at different physical locations, and on different Networks! All unseen for my Internet users.


-- Home Page: https://WA0UWH.blogspot.com

Monday, December 14, 2015

Got a Round TUIT

UPDATED:

As previously posted, I just needed a Round TUIT.

I receive the replacement CDSH270 Diodes for my Antenna Tuner today, with a little work and with a TUIT they were installed. The Tuner now works as before.

While during the surgery on the tuner, I installed some sharp pointed spark gaps at the SO-239 connectors, and between the Balanced Line Terminals. Maybe they will help save the Diodes the next time I forget to disconnect the Antenna during the an Electric Storm.

For the spark gaps, I soldered one end of a heavy copper wire directly to the SO-239 RF center connector, and then bolted the other end directly to ground (at the connector mount point). After the "Short" was installed, I cut it at the center with dull side-cutters, leaving sharp points on each side. The gap was adjusted to about 1/20 of a inch. The same was done between the Balanced Terminals.

With another TUIT, I installed a 6 AWG ground wire to the Tuner, but waiting for a large spade lug to make the final connection. My available lugs are not big enough for 6 AWG.


Today was nice and sunny, so I also raised the Long Wire Antenna to it normal height. Yesterday when I was repairing it, it was too cold and wet to futz with it to bring it to full height at 90 feet AGL.
 
Two years ago I tried to work on the antenna, but could not get the 3/32 support line to slide back down the tree. I suspected it had "grown" into a limb, or was pitched into a warren slot. My friend Jeff - KO7M and I was able to pull together hard enough to finally break it free. To avoid the same problem again, I slipped the line into a 20 foot piece of 1/4 inch polypropylene ice-make tube. which we pulled up into the tree where the support line goes over the branches.  Now two years later the line was easy to pull down and then back up.

So far I have made a few SSB contacts with the current antenna configuration. Now I am anxious to work some WSPR - but another TUIT is in the way.

-- Home Page: https://WA0UWH.blogspot.com


Sunday, December 13, 2015

Some Antenna Work and Repair

UPDATED: Tue Dec 22 21:38:59 PST 2015

I removed the 9:1 BalBal from my Off-Center-Fed Long Wire Antenna, as described below, it did not work as well as expected. More testing and measurement needed.



There has been a lot of chatter on the local Yahoo pQRP email list about building some 9:1 Ununs as a group project. I already have the Toroids and Wire and had planned to make several of my own - I was just waiting for a Round-TUIT (TUIT).

For the last several (6 or so) years, I have been using a 300 foot Off-Center-Fed (OCF) Long Wire antenna. It is strung up near the top of some nice tall trees with the feed point at about 90 feet AGL. It has worked very well on all bands for WSPR, QRSS, CW, and general Ham use. The antenna is fed with 450 ohm ladder line fed from a Tuner with an internal Balun. I rarely have to provide much L or C adjustment for reasonable performance.

With a crippled antenna (see below), last night I worked Sandy - KG7FFP as she is new General License Ham - Good going Sandy! We were on 80m, 3.885MHz.

There are several things that I have wanted to try, to see if I could improve performance.

The first, is a no-brainer; Ground the Tuner and the Rig, something that has always been waiting for another TUIT.

The second, may be more controversial, I have wanted to put a 9:1 BalBal at the feed point of the OCF Long Wire.  With 450 ohms ladder line in, the output should approximate 4050 ohms, which I think would more closely match typical OCF Long Wire feed impedance. In my case the short end of the Long Wire is about 20 feet. The Feed Line drops straight into my Loft's window, across the celling to the Ham Rig, I think more impedance is desirable, in reality, I thing everything in close proximity becomes the antenna, that is; the long wire, feed line, metal roof, and the moss soaked wet-trees, and I don't think they are typically just 450 ohms  :-)

Another "nit" that I wanted to improve (or remove) is the "egg" insulator at the feed point. I have never really liked this centre point set up, but it is what I had when it was first installed. The new set up is a now a 14 inch long, 3/4 inch PVC (conduit) with three holes in each end. The antenna wire goes through a "Z" bend at each end of the conduit, then "V's" down to my new 9:1 BalBal, which is about 18 inch lower. The antenna wire is standard, solid copper 12 AWG conduit wire.

My antenna tuner is still in my eShop waiting replacement diodes (CDSH270), they are on order and should arrive soon.  The antenna and Tuner took a near hit during one of the last electric storms. I was near the radio and heard a snap or spark across the terminals or somewhere inside, the radio did not suffer any ill effects, the tuner TOOK it ALL.

So, now what?

My newly configured OCF Long Wire Antenna is now up and ready for use, but still waiting tuner repair.

I am expecting some VERY GOOD to EXCELLENT performance from this antenna configuration, because it was installed exactly as per the weather-man specification - that is, it was raining all the time I was outside working with; support lines, antenna wire, BalBal, and feed line. I got soaked ! Everyone knows, that the best antennas always go up during inclement weather.

But, time will tell, I will post my impressions, measurement, and results, when available.


-- Home Page: https://WA0UWH.blogspot.com


Saturday, December 12, 2015

More Fun with Cyclops Numbers

UPDATED:
Added Details and Links


I created a fun function to compute Cyclops Numbers, see previous post.



D=9; C=0; L=27; 
echo "obase=${D}+1;(${D}+1)^(2*${L}-1) -1 -(${D}-(${C}%${D}))*(${D}+1)^(${L}-1)" | bc

Where:
  • D = Is the side Digits, 1 to 9
  • C = Is the single Cyclops Eye Digit, must be < D, or C mod D will be used
  • L = The Cyclops Eye Location (width)

D=8; C=3; L=2; => 838
D=8; C=3; L=3; => 88388
D=8; C=3; L=4; => 8883888
D=4; C=8; L=5; => 444484444
D=9; C=0; L=6; => 99999099999

The results for the above function:

99999999999999999999999999099999999999999999999999999


It is all fun and games, until someone pokes the Cyclops Eye   :-)


-- Home Page: https://WA0UWH.blogspot.com


Wednesday, December 9, 2015

More Large Numbers

UPDATED:
Added Details and Links

Update: Jan 7, 2016 - New Largest Prime found: echo "2^74207281-1" | bc, which is 22 Million Digits, the function takes 77.25 minutes to compute on a 3.4GHz Processor. See, youtube at: https://goo.gl/C7ngE7

See previous post.

The largest known prime number is: 17,425,170 digits long, it can be computed with this very short function:

echo "2^57885161 -1" | bc

On my Workstation (2.2GHz) it takes about 82 minutes to compute, but with more than 17M digits, it takes much longer to display or print.

To print, it would require 7.7 Reams of paper; single sided, 80 character per line, 56 lines to a page, and 500 pages pre ream.

Note: The person that finds the "next" larger prime number will be famous.


-- Home Page: https://WA0UWH.blogspot.com


Large Numbers

UPDATED:
Added Details and LInks

As noted in previous posts, I am a fan of Large Numbers, I am especially interested in small functions that compute Large Numbers.

Recently I watched a Numberphile Youtube video, which captivated my interest. The numbers that I found most interesting are large "Cyclops Numbers".

The following Linux function will compute a large Cyclops:

echo "10^(2*253-1) -1 -9*10^(253-1)" | bc

Can you spot the Cyclops Eye?


99999999999999999999999999999999999999999999999999999999999999999999\
99999999999999999999999999999999999999999999999999999999999999999999\
99999999999999999999999999999999999999999999999999999999999999999999\
99999999999999999999999999999999999999999999999909999999999999999999\
99999999999999999999999999999999999999999999999999999999999999999999\
99999999999999999999999999999999999999999999999999999999999999999999\
99999999999999999999999999999999999999999999999999999999999999999999\
99999999999999999999999999999


-- Home Page: https://WA0UWH.blogspot.com


Tuesday, December 8, 2015

Email from Raspberry PI or the Esp8266

UPDATED:
Added Details and Links

If you have been following my recent blog post, I posted about using "curl" to send SMS messages to a Cell Phone Number, I have also created a software function to send a similar SMS messages from Esp8266, and/or using the same strategy this could be used on a Raspberry PI. The SMS messages are transferred to the "textbelt.com" Open SMS Gateway. Access is via a HTML URL post, or via a command line "curl" command which simulates a HTTP post. The textbelt.com server imposes some limits, that is; no more than 3 messages per 3 minutes, and no more than 75 messages per day from a single IPA.

The folks at Textbelt are gracious to allow us "small-time" users to access their gateway for FREE, - SPAMMERS  are not welcome.

But, if you want your Raspberry PI or Esp8266 to send an actual "email", that is another problem. Accessing an "Open" Simple Mail Transport Protocol Gateways (an SMTP) is normally a problem for most users. The reason an "Open" SMTP is desirable for our Internet-of-Things (IoT's) is that authentication is NOT required on Open SMTP's, and therefore there is NO need for a "clear text" password saved in a file, nor is it transferred over the Internet.

There are a few Open SMTP available, where services are purchased by SPAMMERS to do their thing. A few of these SMTP gateways allow low-volume users access to their services for FREE, with some restrictions.  I have tried several Open SMTP gateways, and found most have additional requirements that I did not agree, like; sign up with a credit card.

I am currently using "smtp2go.com" which has a FREE Option and does not require a credit card to sign up. For low volume users like myself, it has a limit of 25 emails per hour, and/or 1000 emails per month, - which is more than enough email for my IoT's to report status, and/or other reports to me via email.

I have implemented a Mail Transfer Agent (MTA) which "talks" to the Open SMTP to send my messages. Messages can be sent to my normal Gmail Account, or to my Cell Phone as an SMS text message, or to any other email address that I desire.

I have written complete MTA function for my use with my ERB-EspWebServer Farm, but provided just some excerpts here for discussion. At some point I will post the complete listing on my GitHub.

Sorry, I did not include the "set up", but I think the upper case "#define" are obvious.



// ###########################################################
//////////////////////////////////////////////////////////////
//
//
boolean
_MTA(WiFiClient client, String aStr, String aPat, unsigned long aTimeout)
{
    
    boolean myStatus = false;
         
    if (aStr.length() ) client.println(aStr);

    yield();

    // Wait For Response
    unsigned long ts = millis();
    while (true) {
        if ( ts + aTimeout < millis() ) {
           myStatus = false;
           break;
        }
        
        yield();
        #if (OPT_MONITOR_DEBUG_OUTPUT) > 0 
            DEBUG_INDENT; Serial.println(sE(" Waiting: ") + aPat + E(" . . . ") );
        #endif
        
        String line = client.readStringUntil('\n');
        
        #if (OPT_MONITOR_DEBUG_OUTPUT) > 0 
            DEBUG_INDENT; Serial.println(sE("  ") + line);
        #endif
        
        if(line.indexOf(aPat) >= 0) {
            myStatus = true;
            break;
        }
    }

    return myStatus;
}

// ###########################################################
//////////////////////////////////////////////////////////////
//
// Provides easy access to page via Email Gateway
//
boolean
eMTA( String aDomain   = MY_DEFAULT_NODE_DOMAIN,
      String aTo       = MY_DEFAULT_EMAIL_TO,
      String aFrom     = MY_DEFAULT_EMAIL_FROM,
      String aMesg     = MY_DEFAULT_EMAIL_MESSAGE,
      String aHost     = MY_DEFAULT_EMAIL_HOST,
         int aPort     = MY_DEFAULT_EMAIL_PORT )
{
    
    digitalWrite ( gBluLED, ON );
    
        #if (OPT_MONITOR_DEBUG_OUTPUT) > 0
            DEBUG_INC_INDENT; Serial.println ( E("Starting Email Client ...") );
        #endif
      
        boolean myStatus = false;
       
        #if (OPT_MONITOR_DEBUG_OUTPUT) > 0
            DEBUG_INDENT; Serial.println( sE(" Connecting to: ") + aHost );
        #endif
      
        // Use WiFiClient class to create TCP connections
        WiFiClient client;
        if (!client.connect(aHost.c_str(), aPort)) {
            #if (OPT_MONITOR_DEBUG_OUTPUT) > 0
                DEBUG_DEC_INDENT; Serial.println( E(" Connection Failed") );
            #endif
            myStatus = false;
        }
        else {
      
          // Wait for Client to Start Sending
            #if (OPT_MONITOR_DEBUG_OUTPUT) > 0 
                DEBUG_INDENT; Serial.println( E(" Waiting for Connection") );
            #endif

            // The MTA Exchange
            while(true) {
    
                if (_MTA(client, "",                          "220 ", 10*SECs ) == false) break;
                if (_MTA(client, "EHLO " + aDomain,           "250 ", 10*SECs ) == false) break;
                if (_MTA(client, "MAIL FROM:" + aFrom + "",   "250 ", 10*SECs ) == false) break;
                if (_MTA(client, "RCPT TO:" + aTo + "",       "250 ", 10*SECs ) == false) break;
                if (_MTA(client, "DATA",                      "354 ", 10*SECs ) == false) break;
                if (_MTA(client, aMesg + "\r\n.\r\n",         "250 ", 10*SECs ) == false) break;
    
                myStatus = true;
                break;

            }
            
            client.flush();
            client.stop();
            
            #if (OPT_MONITOR_DEBUG_OUTPUT) > 0
                if (myStatus == true) { 
                    DEBUG_DEC_INDENT; Serial.println( E(" Connection Closed Successfully") );
                }
                else { 
                    DEBUG_DEC_INDENT; Serial.println( E(" Connection Closed With Error") );
                }
            #endif

        }
         
    digitalWrite ( gBluLED, OFF );
    
    return myStatus;
  
}


As can be seen, the logic of the MTA is really very simple: send a message, and then wait for a response, repeat as necessary, stop on error or finished.

Note: For the Raspberry IP, this can be implemented as a Bash script, in fact the details for the above program were first worked out using a script on a Linux Workstations.  I will post the script later.

If you find this useful - leave a comment.


-- Home Page: https://WA0UWH.blogspot.com

Wednesday, December 2, 2015

Playing with Diffie Hellman

UPDATED:
Added Details and Links

Note: I am not a cryptographer, I just like playing with large numbers.

There are no secret information provided in this blog post, it is all available online, this is just my added two cents, take it for what it is worth.

The Diffie-Hellman Key Exchange method is used to share a "Secret Key" between two users, without sending the shared Secret Key across the network.

See: Google Diffie Hellman.

The idea is simple, and the maths can be simple:

k=<my secret number>
g=<a publicly shared number>
p=<a publicly shared large prime number>

A new Shared or Secret Key: G = (g ^ k) mod p

What can make it difficult and secure is that VERY large numbers can be used, and therefore making it very difficult for an observer (villain) to use brute force to discover the Shared Secret Key.

If you read the available documentation about Diffie Hellman Key Exchange, you will no doubt learn all about; Alice, Bob (the good guys), and Eve (the villain). I suggest it for some bed time reading.

Note: the online documentation suggest that Alice and Bob must first each know some public numbers for "g" and "p".

But, there is nothing preventing a proper and secure Key Exchange when Alice initiates the process by sending Bob three numbers; "g", "p" and "g2B" (g to Bob) values.

Bob would need to use these three values to compute the "Shared Secret Key".  Bob also returns to Alice a computed "g2A" (g to Alice), now Bob is finished, he now knows the Shared Secret Key. Alice will also know the Shared Secret Key when she completes her next calculation.

Alice uses the returned "g2A" value to compute the same "Shared Secret Key".

It looks like magic, but it is simple when you look at the maths with small numbers, and knowing:

g^(ab) mod p  ==  g^(ba) mod p

where: "a" is Alice's secret key ("kA"), and "b" is Bob's secret key ("kB").

See the online documentation.

You will also learn from online documents, that "p" should be a Large Prime Number, and "g" should be greater than "0", but less than "p", and "k" is a Secret Key that should NOT be shared.

Which is all good advice, if you are implementing a banking system, or saving the world via encrypted text messages. But the Diffie Hellman function works regardless of the numbers used, so in the examples below, some small and maybe inappropriate values are used.

What started my interested in Diffie Hellman Key exchange is the UNIX provided, and neat little and powerful, utility called "bc". The "bc" command can deal with VERY large numbers without difficulty.

An Example:

A Diffie Hallman Example, with small numbers.

Assume that Alice, Bob and Eve will know and/or use the following:

gP =16
pP = 101

As stated above, these numbers could be suggested by Alice or Bob, or both. Or, the numbers could be hard coded into a application that they both use. If large enough, the knowledge of these numbers does NOT detract from security.

Note: For this example, I will use the upper case "P" to denote a number is "Public", "pP" is normally prime. I will use "kA" for Alice secret key, and "kB" for Bob's secret key. Also, "g2B" and "g2A" are the computed exchanged values. Then finally, "gS" becomes the value of the "Shared Secret Key".

Note: "g2B" and "g2A" are just like other "g" values that can be used in the same Diffie Hellman formula.

Eve can eavesdrop on all of the network data exchanges between Alice and Bob, but will NOT be able to compute the Shared Secret Key, because Eve is not privy to Alice's or Bob's Secret Keys.

-----------------------

Alice's Secret Key, known only by her, is: kA = 7

Alice wants to Share a Secret Key with Bob.

Alice computes a: g2B = (gP ^ kA) mod pP with her key.

Alice will do this on UNIX system with the values above using the following command:

$ g2B=`echo "(16^7)%101" | bc`
g2B becomes 80

Alice can now send "qP", "pP" and "g2B" to Bob as clear text within an email (or whatever). Note: Eve may or can eavesdrop on the Internet traffic.

-----------------------

Bob's Secret Key, known only by him, is: kB = 11

Because Bob also uses a UNIX system, he computes from the values sent from Alice a value to be returned to Alice: g2A = (gP ^ kB) mod pP

$ g2A=`echo "(16^11)%101" | bc`
g2A becomes 71

Bob can now sends Alice "g2A", so she can complete her side of the key exchange.

Bob also can compute the "Shared Secret Key" as:  gS = (g2B ^ kB) mod pP

$ gS=`echo "(80^11)%101" | bc`
gS becomes  54

Bob is now finished, he knows the Shared Secret Key as "54".

-----------------------

With the value of "g2A" sent by Bob, Alice can complete her side of the exchange, by computing: gS = (g2A ^ kA) mod pP

$ gS=`echo "(71^7)%101" | bc`
gS becomes 54

Alice now finished, she knows the Shared Secret Key as "54".

-----------------------

Both Alice and Bob both know the same value of "gS", the Share Secret Key as "54".  Alice or Bob, could now use the Shared Secret Key to encrypt messages that hopefully only the opposite could decrypt.

Eve is left clueless.

-----------------------

But there is a flaw !

With small numbers, as used in this example, Eve could Brute Force a decryption solution, by trying all numbers starting with "0". In this case it will only take 54 iterations to find the correct Shared Secret Key that would successfully decrypt Alice's message. Eve could easily know (via eavesdropping) the value of "pP" is small, and therefore, can assume the Secret Key is some number between 0 and 101, which implies a brute force attack is warranted.

But Normally

Normally, the values of "gP", "pP", and the resulting "g2B" and "g2A" are VERY much larger numbers, maybe hundreds or thousands of digits.

Imagine what Eve prospects of having enough CPU horse power to attempt a sequential attack if "pP" is extremely large number -  prospects = none.

If "pP" is large enough, a brute force attack could take forever even with multiple very fast computers.

Some Experiments

Remember I said "bc" can deal with large numbers, well, to avoid "typing" a large number I will use exponentiation to generate some numbers for "qP" and "pP", for Alice try this:

$ gP="(3^456)"
$ pP="(2^4253-1)"  # A Large Prime Number
$ kA="12345"

$ time echo "${gP}^${kA} % ${pP}" | bc

On my 3.2GHz Workstation, this took about 6 minutes to compute, if necessary try shorten the lapse time, by changing Alice's key to "123".



$ gP="(3^456)"
$ pP="(2^4253-1)"
$ kA="12345"

$ time echo "${gP}^${kA} % ${pP}" | bc
80926261610442626577264521832490790161484618732554432140432039188058\
63206215275578738866144144831890725477013508191723348004478728927721\
95788786903156432412894232199564275068253627223471477034284902245829\
91421266442623706953457344345029183351048403313211524973218664085545\
87664348342026922029976056154815423683953094807171496683969416932115\
99132155230551185025739817346443301752666222054850477088018492513173\
91624760224393336362809726321106680382250456588357956381388166323729\
38771361918677860624224646340387910263769022858722611291936528412356\
03100668125135517222317410124988021081469568935461035793383680680665\
55390092789716566511778596204161424690071853937453863897083377508927\
67048039381017256779118656382146384480277810498377460548282809326731\
69234441684180112706844382298511472521071812891762065337050899792993\
70060526297317940169650082051030560624756658527561344770507458651702\
43716790444907248809569095106287466645236990947552803718232042574873\
11042448383261839081283910961519762548619655187688322601121778057413\
25524176872795543285574829694591574831681802471828336907766795593351\
38229222971475049624002124059810014875496597620324310354937668694220\
99070653730452586152318927155511512700751348007603716449001964877066\
01906432412801407287885578931224463376104843439581857726

real 5m48.432s
user 5m44.929s
sys 0m0.400s



The results is about 1200 digits for "g2B".


Stay tuned, more interesting "bc" observations to follow.


Me?, I just like very BIG numbers  :-)

-- Home Page: https://WA0UWH.blogspot.com