[ISN] EFF DES Cracker Brings Honesty to Crypto Debate

From: mea culpa (jerichot_private)
Date: Mon Jul 20 1998 - 10:09:42 PDT


    To: coderpunkst_private
    From: Bruce Schneier <schneiert_private>
    July 17, 1998
       Alexander Fowler, +1 202 462 5826, afowlert_private
       Barry Steinhardt, +1 415 436 9333 ext. 102, barryst_private
       John Gilmore, +1 415 221 6524, gnut_private
    SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today raised
    the level of honesty in crypto politics by revealing that the Data
    Encryption Standard (DES) is insecure.  The U.S. government has long
    pressed industry to limit encryption to DES (and even weaker forms),
    without revealing how easy it is to crack.  Continued adherence to this
    policy would put critical infrastructures at risk; society should choose a
    different course. 
    To prove the insecurity of DES, EFF built the first unclassified hardware
    for cracking messages encoded with it.  On Wednesday of this week the EFF
    DES Cracker, which was built for less than $250,000, easily won RSA
    Laboratories' "DES Challenge II" contest and a $10,000 cash prize.  It took
    the machine less than 3 days to complete the challenge, shattering the
    previous record of 39 days set by a massive network of tens of thousands
    of computers.  The research results are fully documented in a book
    published this week by EFF and O'Reilly and Associates, entitled "Cracking
    DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design." 
    "Producing a workable policy for encryption has proven a very hard
    political challenge.  We believe that it will only be possible to craft
    good policies if all the players are honest with one another and the
    public," said John Gilmore, EFF co-founder and project leader.  "When the
    government won't reveal relevant facts, the private sector must
    independently conduct the research and publish the results so that we can
    all see the social trade-offs involved in policy choices." 
    The nonprofit foundation designed and built the EFF DES Cracker to counter
    the claim made by U.S. government officials that governments cannot
    decrypt information when protected by DES, or that it would take
    multimillion-dollar networks of computers months to decrypt one message. 
    "The government has used that claim to justify policies of weak encryption
    and 'key recovery,' which erode privacy and security in the digital age,"
    said EFF Executive Director Barry Steinhardt.  "It is now time for an
    honest and fully informed debate, which we believe will lead to a reversal
    of these policies." 
    "EFF has proved what has been argued by scientists for twenty years, that
    DES can be cracked quickly and inexpensively," said Gilmore.  "Now that
    the public knows, it will not be fooled into buying products that promise
    real privacy but only deliver DES.  This will prevent manufacturers from
    buckling under government pressure to 'dumb down' their products, since
    such products will no longer sell."  Steinhardt added, "If a small
    nonprofit can crack DES, your competitors can too.  Five years from now
    some teenager may well build a DES Cracker as her high school science fair
    The Data Encryption Standard, adopted as a federal standard in 1977 to
    protect unclassified communications and data, was designed by IBM and
    modified by the National Security Agency.  It uses 56-bit keys, meaning a
    user must employ precisely the right combination of 56 1s and 0s to decode
    information correctly.  DES accounted for more than $125 million annually
    in software and hardware sales, according to a 1993 article in "Federal
    Computer Week."  Trusted Information Systems reported last December that
    DES can be found in 281 foreign and 466 domestic encryption products,
    which accounts for between a third and half of the market. 
    A DES cracker is a machine that can read information encrypted with DES by
    finding the key that was used to encrypt that data.  DES crackers have
    been researched by scientists and speculated about in the popular
    literature on cryptography since the 1970s.  The design of the EFF DES
    Cracker consists of an ordinary personal computer connected to a large
    array of custom chips.  It took EFF less than one year to build and cost
    less than $250,000. 
    This week marks the first public test of the EFF DES Cracker, which won
    the latest DES-cracking speed competition sponsored by RSA Laboratories
    (http://www.rsa.com/rsalabs/).  Two previous RSA challenges proved that
    massive collections of computers coordinated over the Internet could
    successfully crack DES.  Beginning Monday morning, the EFF DES Cracker
    began searching for the correct answer to this latest challenge, the RSA
    DES Challenge II-2.  In less than 3 days of searching, the EFF DES Cracker
    found the correct key.  "We searched more than 88 billion keys every
    second, for 56 hours, before we found the right 56-bit key to decrypt the
    answer to the RSA challenge, which was 'It's time for those 128-, 192-,
    and 256-bit keys,'" said Gilmore. 
    Many of the world's top cryptographers agree that the EFF DES Cracker
    represents a fundamental breakthrough in how we evaluate computer security
    and the public policies that control its use.  "With the advent of the EFF
    DES Cracker machine, the game changes forever," said Whitfield Diffie,
    Distinguished Engineer at Sun Microsystems and famed co-inventor of public
    key cryptography.  "Vast Internet collaborations cannot be concealed and
    so they cannot be used to attack real, secret messages.  The EFF DES
    Cracker shows that it is easy to build search engines that can." 
    "The news is not that a DES cracker can be built; we've known that for
    years," said Bruce Schneier, the President of Counterpane Systems.  "The
    news is that it can be built cheaply using off-the-shelf technology and
    minimal engineering, even though the Department of Justice and the FBI
    have been denying that this was possible."  Matt Blaze, a cryptographer at
    AT&T Labs, agreed: "Today's announcement is significant because it
    unambiguously demonstrates that DES is vulnerable, even to attackers with
    relatively modest resources.  The existence of the EFF DES Cracker proves
    that the threat of 'brute force' DES key search is a reality.  Although
    the cryptographic community has understood for years that DES keys are
    much too small, DES-based systems are still being designed and used today. 
    Today's announcement should dissuade anyone from using DES." 
    EFF and O'Reilly and Associates have published a book about the EFF DES
    Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap Politics,
    and Chip Design."  The book contains the complete design details for the
    EFF DES Cracker chips, boards, and software.  This provides other
    researchers with the necessary data to fully reproduce, validate, and/or
    improve on EFF's research, an important step in the scientific method. 
    The book is only available on paper because U.S. export controls on
    encryption potentially make it a crime to publish such information on the
    EFF has prepared a background document on the EFF DES Cracker, which
    includes the foreword by Whitfield Diffie to "Cracking DES."  See
    http://www.eff.org/descracker/.  The book can be ordered for worldwide
    delivery from O'Reilly & Associates at
    http://www.ora.com/catalog/crackdes, +1 800 998 9938, or +1 707 829 0515. 
    The Electronic Frontier Foundation is one of the leading civil liberties
    organizations devoted to ensuring that the Internet remains the world's
    first truly global vehicle for free speech, and that the privacy and
    security of all on-line communication is preserved.  Founded in 1990 as a
    nonprofit, public interest organization, EFF is based in San Francisco,
    California.  EFF maintains an extensive archive of information on
    encryption policy, privacy, and free speech at http://www.eff.org. 
      Alexander Fowler
      Director of Public Affairs
      Electronic Frontier Foundation
      E-mail: afowlert_private
      Tel/Fax: 202 462 5826 (East Coast)
      Tel: 415 436 9333; Fax 415 436 9993 (West Coast)
      You can find EFF on the Web at <http://www.eff.org>
      EFF supports the Global Internet Liberty Campaign
    Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
    101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
               Free crypto newsletter.  See:  http://www.counterpane.com
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
