Yes, it is legal to crack RSA. Indeed, RSA Laboratories itself has
regularly encouraged people to break its encryption by issuing
factoring challenges, complete with cash rewards for so doing. They
even give suggestions. The most recent number factored was 512 bits
(155 digits) in length (1999). They expect the next largest challenge
number (576 bits) to be factored within a year. If someone can find a
simple technique to factor that and larger numbers, then RSA would be
obliged to pay the respective rewards.
The RSA Factoring Challenge FAQ
http://www.rsasecurity.com/rsalabs/challenges/factoring/faq.html
"What is the RSA Factoring Challenge?
The RSA Factoring challenge is an effort, sponsored by RSA
Laboratories, to learn about the actual difficulty of factoring large
numbers of the type used in RSA keys. A set of eight challenge
numbers, ranging in size from 576 bits to 2048 bits is posted here
<http://www.rsasecurity.com/rsalabs/challenges/factoring/numbers.html>.
Each number is the product of two large primes, similar to the modulus
of an RSA key pair."
The RSA Challenge Numbers
http://www.rsasecurity.com/rsalabs/challenges/factoring/numbers.html
"A link to each of the eight RSA challenge numbers is listed below.
The numbers are designated "RSAXXXX", where XXXX is the number's
length, in bits. The values are presented as decimal strings, with the
most significant digit first. Also listed are the number of digits,
the decimal sum of the digits and the dollar amount to be awarded for
a successful factorization.
Each challenge number may be downloaded as an ASCII text file. The
entire challenge list may be downloaded, in ASCII text format, using
the link below. Challenge Number Prize ($US) Status Submission Date
Submitter(s)
RSA576 <#RSA576> $10,000 Not Factored
RSA640 <#RSA640> $20,000 Not Factored
RSA704 <#RSA704> $30,000 Not Factored
RSA768 <#RSA768> $50,000 Not Factored
RSA896 <#RSA896> $75,000 Not Factored
RSA1024 <#RSA1024> $100,000 Not Factored
RSA1536 <#RSA1536> $150,000 Not Factored
RSA2048 <#RSA2048> $200,000 Not Factored"
Factorization of RSA155
http://www.rsasecurity.com/rsalabs/challenges/factoring/rsa155.html
"On August 22, 1999, a group of researchers completed the
factorization of the 155 digit (512 bit) RSA Challenge Number. The
work was accomplished with the General Number Field Sieve."
SERACH TERMS
Searched the RSA Web site for "challenge."
http://www.rsasecurity.com
hlabadiega 
Clarification of Answer by
hlabadiega
on
06 Dec 2003 21:27 PST
The algorithm is not secret, having been disclosed in the original
patent, and is available for inspection and deconstruction. In
addition, the patent has expired, and RSA Laboratories has
relinquished its rights.
RSA Labs' FAQ 4.1
6.3.1 Is RSA patented?
http://www.rsasecurity.com/rsalabs/faq/631.html
"On September 6, 2000, RSA Security made the RSA algorithm publicly
available and waived its rights to enforce the RSA patent for any
development activities that include the algorithm occurring after
September 6, 2000. From this date forward, companies are able to
develop products that incorporate their own implementation of the RSA
algorithm and sell these products in the U.S."
If you can find a flaw in it, then you can certainly publish it as your own work.
hlabadiega
