So How Many Bits Does The Prime Number Have?

“Education isn’t something you can finish.” — Isaac Asimov (1920–1992)

Recently, we had an interview with someone who was applying for a PhD studentship. The candidate had an MSc in Cybersecurity (from another university, I should say), and so as a little icebreaker, we said, “Do you know public key encryption?”, “Oh, yes”, “And do you know RSA?”, “Yes”, “Well, how many bits does the key have?”, “Mmm. Is it 8?”, “No. I don’t think so. That doesn’t sound like a strong key”, “Is it 128 bits? Yes. I remember something about 128 bits”, “No. Not really”, “Is it one bit?”, “Nope. Well. That wouldn’t be secure. Okay, but what’s in the key?”, “Is it bits?”, “Yes. But what do they make-up”, “Is it encryption?”.

We went onto talk about something else.

And so, I worry greatly about the consistency of standards defined in cybersecurity education, if there is at least one person who says they know RSA, and struggles to even explain the basics. For me, it’s like an electrical engineer saying that they know Ohm’s Law, but having to use Wikipedia every time they need to calculate current flows.

It’s all about primes

RSA has been around for over 40 years, and it’s at the core of much of the trust on the Internet. So let’s…