[ISN] DES search faces possible legal challenge

From: mea culpa (jerichoat_private)
Date: Tue May 12 1998 - 23:22:35 PDT

  • Next message: mea culpa: "[ISN] Network Associates aims for one-stop shop"

    Forwarded From: "Jay D. Dyson" <jdysonat_private>
    Forwarded From: Frank Andrew Stevenson <frankat_private>
    Posted To: cryptographyat_private
    After over 1 year of preperation the keyblitz project realeased it's DES
    searching client on May 1st this year, the search was only allowed to run
    for 11 days before it faced a possible legal challenge: 
    The keyblitz search is not a academic DES challenge, but a real life
    'malicious' attack on a deployed cryptographic system. The target of the
    search is management keys for the European D2-MAC / Eurocrypt sattelite
    scrambling system. 
    Although the search had only been running for 11 days the team claimed to
    have recovered 2 DES keys already. This is made possible by exploiting a
    weakness in the Eurocrypt protocoll.  TV signals are coded under the
    control of a single Operational key. However this key is continously being
    updated to the systems smart cards encrypted under as many as perhaps 2000
    different managment keys. Recovering a single managment key will suffice
    to recover future operational keys. 
    The modified DES search will encrypt the known operational (plaintext) key
    with a set of trial keys, and check every encryption against the list of
    2000 ciphertexts. Such a lookup is much faster that 2000 trial
    encryptions, and can be done quickly using binary search or table lookups.
    The net result is that the complexity of recovering a single management
    key is 2^45 as opposed to 2^55 of recovering a single DES key. 
    Subsequent operational keys can then be found by simple decryption, and
    published over the internet on such sites as http://www.d2mac.com
    - -- 
    This sentence is unique in this respect;
    it can safely be attributed to my employer, Funcom productions.
    E3D2BCADBEF8C82F A5891D2B6730EA1B PGPencrypted mail preferred, finger for key
    There is no place like N59 50.558' E010 50.870'.
    Version: 2.6.2
    -----END PGP SIGNATURE-----
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:57 PDT