Forwarded From: phreakmoi <hackereliteat_private>

http://www.wired.com/news/news/technology/story/16995.html

RSA: Crack DES in a Day
by Chris Oakes
2:05 p.m. 22.Dec.98.PST

RSA Data Security is trying to drive home a very simple point: The US government's standard for securing sensitive data from prying eyes is far too weak.

The encryption technology vendor launched another encryption challenge Tuesday. RSA's DES Challenge III invites hackers and computer experts to illustrate the main point repeatedly made by opponents of US encryption policy.

RSA claims messages and data secured with the Data Encryption Standard, or DES, can be cracked in a few days. Therefore, it argues, the government should replace DES with more modern, stronger encryption technology.

The government established the 56-bit DES as a standard in 1977. It claims that the vast difficulty and expense in cracking DES makes it sufficiently safe. Allowing the use of stronger encryption, the government maintains, would only help terrorists and other criminals communicate without government monitoring.

The export of 128-bit "strong" encryption without "key recovery" is illegal. Key recovery allows third parties, such as law enforcement, to retrieve encrypted information. The US policy has long angered privacy advocates and the computer industry, which is eager to sell its encryption wares overseas.

"Coordinating this around a public challenge reminds people that [fast DES cracks] are possible," said Burt Kaliski, chief scientist at RSA Labs. "This is going to become a more routine sort of occurrence. Letting it be done in public view calls attention to that."

The winners of RSA's last challenge cracked DES in just 56 hours. So now RSA is calling on contestants to crack open an encoded message in 24 to 48 hours, and there's money in it for whoever does.

"The target we're looking for is to get down to one day," Kaliski said. "We've set the threshold so that basically anything less than two days wins US$5,000, and one day [or less] wins $10,000."

RSA's ongoing contests are meant to hammer home the idea that DES is an ineffective form of encryption for international use, and that much stronger encryption algorithms must be approved to ensure the security of data destined for use beyond US shores.

The original DES Challenge in January 1997 was won by a Coloradan, Rocke Verser. He cracked a DES-encrypted message in 96 days. A year later that record was halved, when distributed.net -- a project coordinating the idle processing power of thousands of computers via the Internet -- decrypted a message in 41 days.

Finally, last July, the Electronic Frontier Foundation won a third challenge (inexplicably called "DES Challenge II-2"), unlocking a message in only 56 hours.

The new 24-hour target shows the absurd futility -- and short shelf life -- of DES, said David McNett, co-founder of distributed.net.

"To be down to a 24-hour time frame within 36 months [of the first challenge] is just stunning," he said.

"Certainly your adversary could muster more strength than a moderately funded organization like distributed.net," said McNett. "If you were Coca-Cola, you want the formula for Coke to stay secret for a long time."

Yet if Coca-Cola -- or anyone else -- has data that needs to be kept private for longer than 14 days, he said, DES would be woefully inadequate.

The contest will begin at next month's RSA Data Security conference in San Jose, California.

Lori Fena, chairwoman of the Electronic Frontier Foundation, said the contests are very important.

"They continually push the envelope as far as what is considered strong security. They show the great leaps and bounds that technology takes." Global Internet policies have to be ahead, not behind, that curve, she said.