[ISN] DES search faces possible legal challenge

From: mea culpa (jerichoat_private)
Date: Tue May 12 1998 - 23:22:35 PDT

Next message: mea culpa: "[ISN] Network Associates aims for one-stop shop"

Previous message: mea culpa: "[ISN] HPC Report (crypto)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: "Jay D. Dyson" <jdysonat_private>
Forwarded From: Frank Andrew Stevenson <frankat_private>
Posted To: cryptographyat_private

After over 1 year of preperation the keyblitz project realeased it's DES
searching client on May 1st this year, the search was only allowed to run
for 11 days before it faced a possible legal challenge: 

http://www.thoic.com/keyblitz/

The keyblitz search is not a academic DES challenge, but a real life
'malicious' attack on a deployed cryptographic system. The target of the
search is management keys for the European D2-MAC / Eurocrypt sattelite
scrambling system. 

Although the search had only been running for 11 days the team claimed to
have recovered 2 DES keys already. This is made possible by exploiting a
weakness in the Eurocrypt protocoll.  TV signals are coded under the
control of a single Operational key. However this key is continously being
updated to the systems smart cards encrypted under as many as perhaps 2000
different managment keys. Recovering a single managment key will suffice
to recover future operational keys. 

The modified DES search will encrypt the known operational (plaintext) key
with a set of trial keys, and check every encryption against the list of
2000 ciphertexts. Such a lookup is much faster that 2000 trial
encryptions, and can be done quickly using binary search or table lookups.
The net result is that the complexity of recovering a single management
key is 2^45 as opposed to 2^55 of recovering a single DES key. 

Subsequent operational keys can then be found by simple decryption, and
published over the internet on such sites as http://www.d2mac.com

  frank

- -- 
This sentence is unique in this respect;
it can safely be attributed to my employer, Funcom productions.
E3D2BCADBEF8C82F A5891D2B6730EA1B PGPencrypted mail preferred, finger for key
There is no place like N59 50.558' E010 50.870'.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNVhybOe1NzV7EsRFAQHkwQP8CG962QTqi+U9ML+3T1uflfJYipW6i3V/
R3keDS7htyl4b90RYzjeMspYobwexBESlJF7HI8BGpOXx6hGYfgKcgDDorbFz2eK
LwhTDXgY8nDLB16yXO5hrIWbLm3UJ7ipzCWykbWesLRIIiNZu0t0kjMx2xiqUA/U
Rmdn+b0rD5E=
=Ygmx
-----END PGP SIGNATURE-----

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

Next message: mea culpa: "[ISN] Network Associates aims for one-stop shop"
Previous message: mea culpa: "[ISN] HPC Report (crypto)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:57 PDT