[ISN] RSA: Crack DES in a Day

From: mea culpa (jerichoat_private)
Date: Tue Dec 22 1998 - 23:39:25 PST

  • Next message: mea culpa: "[ISN] The long, strong arm of the NSA"

    Forwarded From: phreakmoi <hackereliteat_private>
    RSA: Crack DES in a Day
    by Chris Oakes
    2:05 p.m.  22.Dec.98.PST
    RSA Data Security is trying to drive home a very simple point: The US
    government's standard for securing sensitive data from prying eyes is far
    too weak. 
    The encryption technology vendor launched another encryption challenge
    Tuesday. RSA's DES Challenge III invites hackers and computer experts to
    illustrate the main point repeatedly made by opponents of US encryption
    RSA claims messages and data secured with the Data Encryption Standard, or
    DES, can be cracked in a few days.  Therefore, it argues, the government
    should replace DES with more modern, stronger encryption technology. 
    The government established the 56-bit DES as a standard in 1977. It claims
    that the vast difficulty and expense in cracking DES makes it sufficiently
    safe.  Allowing the use of stronger encryption, the government maintains,
    would only help terrorists and other criminals communicate without
    government monitoring. 
    The export of 128-bit "strong" encryption without "key recovery" is
    illegal. Key recovery allows third parties, such as law enforcement, to
    retrieve encrypted information. The US policy has long angered privacy
    advocates and the computer industry, which is eager to sell its encryption
    wares overseas. 
    "Coordinating this around a public challenge reminds people that [fast DES
    cracks] are possible," said Burt Kaliski, chief scientist at RSA Labs.
    "This is going to become a more routine sort of occurrence. Letting it be
    done in public view calls attention to that." 
    The winners of RSA's last challenge cracked DES in just 56 hours. So now
    RSA is calling on contestants to crack open an encoded message in 24 to 48
    hours, and there's money in it for whoever does. 
    "The target we're looking for is to get down to one day," Kaliski said.
    "We've set the threshold so that basically anything less than two days
    wins US$5,000, and one day [or less] wins $10,000."  RSA: Crack DES in a
    Day Page 2 2:05 p.m.  22.Dec.98.PST
    RSA's ongoing contests are meant to hammer home the idea that DES is an
    ineffective form of encryption for international use, and that much
    stronger encryption algorithms must be approved to ensure the security of
    data destined for use beyond US shores.
    The original DES Challenge in January 1997 was won by a Coloradan, Rocke
    Verser. He cracked a DES-encrypted message in 96 days. A year later that
    record was halved, when distributed.net -- a project coordinating the idle
    processing power of thousands of computers via the Internet -- decrypted a
    message in 41 days. 
    Finally, last July, the Electronic Frontier Foundation won a third
    challenge (inexplicably called "DES Challenge II-2"), unlocking a message
    in only 56 hours.
    The new 24-hour target shows the absurd futility -- and short shelf life
    -- of DES, said David McNett, co-founder of distributed.net. "To be down
    to a 24-hour time frame within 36 months [of the first challenge] is just
    stunning," he said. 
    "Certainly your adversary could muster more strength than a moderately
    funded organization like distributed.net," said McNett. "If you were
    Coca-Cola, you want the formula for Coke to stay secret for a long time."
    Yet if Coca-Cola -- or anyone else -- has data that needs to be kept
    private for longer than 14 days, he said, DES would be woefully
    The contest will begin at next month's RSA Data Security conference in San
    Jose, California. 
    Lori Fena, chairwoman of the Electronic Frontier Foundation, said the
    contests are very important. "They continually push the envelope as far as
    what is considered strong security. They show the great leaps and bounds
    that technology takes." 
    Global Internet policies have to be ahead, not behind, that curve, she
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:14:24 PDT