[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: EFF, distributed.net set new crypto record, win

------- Forwarded Message Follows -------
Date:          Tue, 19 Jan 1999 14:47:35 -0500
To:            politech@vorlon.mit.edu
From:          Declan McCullagh <declan@well.com>
Subject:       FC: EFF, distributed.net set new crypto record, win RSA contest
Reply-to:      declan@well.com

RSA Code-Breaking Contest Again Won by Distributed.Net and Electronic
Frontier Foundation (EFF) 

DES Challenge III Broken in Record 22 Hours 

Breaking the previous record of 56 hours, Distributed.Net, a worldwide
coalition of computer enthusiasts, worked with the Electronic Frontier
Foundation^Os (EFF) ^ODeep Crack,^O a specially designed
supercomputer, and a worldwide network of nearly 100,000 PCs on the
Internet, to win RSA Data Security^Os DES Challenge III in a
record-breaking 22 hours and 15 minutes. The worldwide computing team
deciphered a secret message encrypted with the United States
government's Data Encryption Standard (DES) algorithm using commonly
available technology. From the floor of the RSA Data Security
Conference & Expo, a major data security and cryptography conference
being held in San Jose, Calif., EFF^Os ^ODeep Crack^O and the
Distributed.Net computers were testing 245 billion keys per second
when the key was found. First adopted by the federal government in
1977, the 56-bit DES algorithm is still widely used by financial
services and other industries worldwide to protect sensitive on-line
applications, despite growing concerns about its vulnerability. RSA
has been sponsoring a series of DES-cracking contests to highlight the
need for encryption stronger than the current 56-bit standard widely
used to secure both U.S. and international commerce. ^OAs today's
demonstration shows, we are quickly reaching the time when anyone with
a standard desktop PC can potentially pose a real threat to systems
relying on such vulnerable security,^O said Jim Bidzos, president of
RSA Data Security, Inc. ^OIt has been widely known that 56-bit keys,
such as those offered by the government^Os DES standard, offer only
marginal protection against a committed adversary. We congratulate
Distributed.Net and the EFF for their achievement in breaking DES in
record-breaking time.^O As part of the contest, RSA awarded a $10,000
prize to the winners at a special ceremony held during the RSA
Conference. The goal of this DES Challenge contest was not only to
recover the secret key used to DES-encrypt a plain-text message, but
to do so faster than previous winners in the series. As before, a cash
prize was awarded for the first correct entry received. The amount of
the prize was based on how quickly the key was recovered. ^OThe
diversity, volume and growth in participation that we have seen at
Distributed.Net not only demonstrates the incredible power of
distributed computing as a tool, but also underlines the fact that
concern over cryptography controls is widespread,^O said David McNett,
co-founder of Distributed.Net. "EFF believes strongly in providing the
public and industry with reliable and honest evaluations of the
security offered by DES. We hope the result of today's DES Cracker
demonstration delivers a wake-up call to those who still believe DES
offers adequate security," said John Gilmore, EFF co-founder and
project leader. "The government^Os current encryption policies
favoring DES risk the security of the national and world
infrastructure." The Electronic Frontier Foundation began its
investigation into DES cracking in 1997 to determine just how easily
and cheaply a hardware-based DES Cracker (i.e., a code-breaking
machine to crack the DES code) could be constructed. Less than one
year later and for well under U.S. $250,000, the EFF, using its DES
Cracker, entered and won the RSA DES Challenge II-2 competition in
less than 3 days, proving that DES is not very secure and that such a
machine is inexpensive to design and build. "Our combined worldwide
team searched more than 240 billion keys every second for nearly 23
hours before we found the right 56-bit key to decrypt the answer to
the RSA Challenge, which was ^ŃSee you in Rome (second AES Conference,
March 22-23, 1999)^O,^O said Gilmore. The reason this message was
chosen is that the Advanced Encryption Standard (AES) initiative
proposes replacing DES using encryption keys of at least 128 bits.
RSA^Os original DES Challenge was launched in January 1997 with the
aim of demonstrating that DES offers only marginal protection against
a committed adversary. This was confirmed when a team led by Rocke
Verser of Loveland, Colorado recovered the secret key in 96 days,
winning DES Challenge I. Since that time, improved technology has made
much faster exhaustive search efforts possible. In February 1998,
Distributed.Net won RSA^Os DES Challenge II-1 with a 41-day effort,
and in July, the Electronic Frontier Foundation (EFF) won RSA^Os DES
Challenge II-2 when it cracked the DES message in 56 hours. RSA Data
Security, Inc. RSA Data Security, Inc., a wholly owned subsidiary of
Security Dynamics Technologies, Inc. (NASDAQ: SDTI), is a leading
supplier of software components that secure electronic data, with more
than 400 million copies of RSA encryption and authentication
technologies installed worldwide. RSA technologies are part of
existing and proposed standards for the Internet and World Wide Web,
ISO, ITU-T, ANSI, IEEE, and business, financial and electronic
commerce networks around the globe. RSA develops and markets
platform-independent security components and related developer kits
and provides comprehensive cryptographic consulting services. RSA can
be reached at http://www.rsa.com. (30)

---- POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo@vorlon.mit.edu with this
text: subscribe politech More information is at