[ISN] Notre Dame math whiz cracks Certicom code contest

From: InfoSec News (isnat_private)
Date: Thu Nov 07 2002 - 02:51:28 PST

  • Next message: InfoSec News: "[ISN] Book review - "Honeypots: Tracking Hackers" by Lance Spitzner"

    http://www.siliconvalley.com/mld/siliconvalley/4459218.htm
    
    November 06, 2002
    
    OTTAWA, (Reuters) - And you thought you had tough math homework?
    
    Consider the work that went into cracking a secret code developed by
    Toronto-based Certicom Corp., which makes wireless encryption
    software.
    
    It took the power of 10,000 computers running around the clock for 549
    days, coupled with the brain power of a mathematician at Indiana's
    University of Notre Dame, to complete one of the world's largest
    single math computations.
    
    Certicom had challenged scientists, mathematicians, cryptographers and
    hackers to try to break one of the encryption codes the firm uses to
    protect digital data.
    
    The solution, rewarded with a $10,000 prize and even richer bragging
    rights, was reached at 12:56 p.m. on Oct. 15, said Notre Dame
    researcher and teacher Chris Monico.
    
    ``I stared at it in mild disbelief for a while,'' he said. ``I wanted
    desperately to jump up and down, but the mathematician in me said
    `You'd better double check'.''
    
    Monico's pleasure at breaking the code was matched by the contest's
    creator and Certicom founder, Scott Vanstone.
    
    ``Our technology is based on a very hard mathematical problem, so what
    we wanted to do is validate how difficult it really is,'' he told
    Reuters.
    
    ``When somebody asks have hackers attempted to break your system, we
    say of course, we in fact encourage it. Please go try. And here's the
    results.''
    
    Vanstone points out the massive computer power used to crack the code
    in this challenge would have broken the Enigma code, a cipher used by
    Germany during World War Two, in a matter of seconds.
    
    The solution, he added, gave access to just one person's key, or
    identity, and cracked only a 109-bit key, whereas Certicom's products
    start at a 163-bit key to protect data.
    
    ``It would be about 100 million times harder (to break) than what was
    just done,'' Vanstone said. ``If you could get every machine on the
    planet working on the problem...you're still not going to be able to
    touch the 163 problem.''
    
    Monico said he doesn't have time to tackle the next 131-bit key
    challenge, which has a $20,000 prize, but did share his computer
    program with a ``motley crew'' of half a dozen ``computer guys''.
    
    The Certicom challenge, started in 1997, has attracted 247 teams with
    more than 10,000 members, including cryptographers, computer
    scientists and mathematicians.
    
    Monico, who took up the challenge to ``raise awareness of
    cryptography'', will donate the bulk of his prize money to the Free
    Software Foundation and the remaining $2,000 to two men whose
    computers helped solve the problem.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 05:00:26 PST