RE: EFF cracks DES II-2

Tim Byars (tbyars@earthlink.net)
Fri, 17 Jul 1998 11:21:11 -0700


At 10:43 AM -0700 7/17/98, Robert Harley came up with this:

> The Electronic Frontier Foundation solved it in 56 hours using $250000
> of dedicated hardware!!! Previously this kind of attack was just
> "feasible in theory" or of the "maybe the NSA has one in their
> basement" persuasion. The message was:
> It's time for those 128-, 192-, and 256-bit keys
>
> See:
> http://www.eff.org./descracker.html

> FOR IMMEDIATE RELEASE
> July 17, 1998
>
> CONTACTS:
> Alexander Fowler, +1 202 462 5826, afowler@eff.org
> Barry Steinhardt, +1 415 436 9333 ext. 102, barrys@eff.org
> John Gilmore, +1 415 221 6524, gnu@toad.com
>
> "EFF DES CRACKER" MACHINE BRINGS HONESTY TO CRYPTO DEBATE
>
> ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE
>
> SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today
> raised the level of honesty in crypto politics by revealing that the
> Data Encryption Standard (DES) is insecure. The U.S. government has
> long pressed industry to limit encryption to DES (and even weaker
> forms), without revealing how easy it is to crack. Continued adherence
> to this policy would put critical infrastructures at risk; society
> should choose a different course.
>
> To prove the insecurity of DES, EFF built the first unclassified
> hardware for cracking messages encoded with it. On Wednesday of this
> week the EFF DES Cracker, which was built for less than $250,000,
> easily won RSA Laboratories' "DES Challenge II" contest and a $10,000
> cash prize. It took the machine less than 3 days to complete the
> challenge, shattering the previous record of 39 days set by a massive
> network of tens of thousands of computers. The research results are
> fully documented in a book published this week by EFF and O'Reilly and
> Associates, entitled "Cracking DES: Secrets of Encryption Research,
> Wiretap Politics, and Chip Design."
>
> "Producing a workable policy for encryption has proven a very hard
> political challenge. We believe that it will only be possible to
> craft good policies if all the players are honest with one another and
> the public," said John Gilmore, EFF co-founder and project leader. "When
> the government won't reveal relevant facts, the private sector must
> independently conduct the research and publish the results so that we
> can all see the social trade-offs involved in policy choices."
>
> The nonprofit foundation designed and built the EFF DES Cracker to
> counter the claim made by U.S. government officials that governments
> cannot decrypt information when protected by DES, or that it would
> take multimillion-dollar networks of computers months to decrypt one
> message. "The government has used that claim to justify policies of
> weak encryption and 'key recovery,' which erode privacy and security
> in the digital age," said EFF Executive Director Barry Steinhardt. "It
> is now time for an honest and fully informed debate, which we believe
> will lead to a reversal of these policies."
>
> "EFF has proved what has been argued by scientists for twenty years,
> that DES can be cracked quickly and inexpensively," said Gilmore.
> "Now that the public knows, it will not be fooled into buying products
> that promise real privacy but only deliver DES. This will prevent
> manufacturers from buckling under government pressure to 'dumb down'
> their products, since such products will no longer sell." Steinhardt
> added, "If a small nonprofit can crack DES, your competitors can too.
> Five years from now some teenager may well build a DES Cracker as her
> high school science fair project."
>
> The Data Encryption Standard, adopted as a federal standard in 1977 to
> protect unclassified communications and data, was designed by IBM and
> modified by the National Security Agency. It uses 56-bit keys,
> meaning a user must employ precisely the right combination of 56 1s
> and 0s to decode information correctly. DES accounted for more than
> $125 million annually in software and hardware sales, according to a
> 1993 article in "Federal Computer Week." Trusted Information Systems
> reported last December that DES can be found in 281 foreign and 466
> domestic encryption products, which accounts for between a third and
> half of the market.
>
> A DES cracker is a machine that can read information encrypted with
> DES by finding the key that was used to encrypt that data. DES
> crackers have been researched by scientists and speculated about in
> the popular literature on cryptography since the 1970s. The design
> of the EFF DES Cracker consists of an ordinary personal computer
> connected to a large array of custom chips. It took EFF less than
> one year to build and cost less than $250,000.
>
> This week marks the first public test of the EFF DES Cracker, which
> won the latest DES-cracking speed competition sponsored by RSA
> Laboratories (http://www.rsa.com/rsalabs/). Two previous RSA
> challenges proved that massive collections of computers coordinated
> over the Internet could successfully crack DES. Beginning Monday
> morning, the EFF DES Cracker began searching for the correct answer to
> this latest challenge, the RSA DES Challenge II-2. In less than 3
> days of searching, the EFF DES Cracker found the correct key. "We
> searched more than 88 billion keys every second, for 56 hours, before
> we found the right 56-bit key to decrypt the answer to the RSA
> challenge, which was 'It's time for those 128-, 192-, and 256-bit
> keys,'" said Gilmore.
>
> Many of the world's top cryptographers agree that the EFF DES Cracker
> represents a fundamental breakthrough in how we evaluate computer
> security and the public policies that control its use. "With the
> advent of the EFF DES Cracker machine, the game changes forever," said
> Whitfield Diffie, Distinguished Engineer at Sun Microsystems and famed
> co-inventor of public key cryptography. "Vast Internet collaborations
> cannot be concealed and so they cannot be used to attack real, secret
> messages. The EFF DES Cracker shows that it is easy to build search
> engines that can."
>
> "The news is not that a DES cracker can be built; we've known that for
> years," said Bruce Schneier, the President of Counterpane Systems.
> "The news is that it can be built cheaply using off-the-shelf technology
> and minimal engineering, even though the Department of Justice and the FBI
> have been denying that this was possible." Matt Blaze, a cryptographer
> at AT&T Labs, agreed: "Today's announcement is significant because it
> unambiguously demonstrates that DES is vulnerable, even to attackers with
> relatively modest resources. The existence of the EFF DES Cracker proves
> that the threat of 'brute force' DES key search is a reality. Although
> the cryptographic community has understood for years that DES keys are
> much too small, DES-based systems are still being designed and used
> today. Today's announcement should dissuade anyone from using DES."
>
> EFF and O'Reilly and Associates have published a book about the EFF
> DES Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap
> Politics, and Chip Design." The book contains the complete design
> details for the EFF DES Cracker chips, boards, and software. This
> provides other researchers with the necessary data to fully reproduce,
> validate, and/or improve on EFF's research, an important step in the
> scientific method. The book is only available on paper because
> U.S. export controls on encryption potentially make it a crime to
> publish such information on the Internet.
>
> EFF has prepared a background document on the EFF DES Cracker, which
> includes the foreword by Whitfield Diffie to "Cracking DES." See
> http://www.eff.org/descracker/. The book can be ordered for worldwide
> delivery from O'Reilly & Associates at http://www.ora.com/catalog/crackdes,
> +1 800 998 9938, or +1 707 829 0515.
>
> **********
>
> The Electronic Frontier Foundation is one of the leading civil liberties
> organizations devoted to ensuring that the Internet remains the world's
> first truly global vehicle for free speech, and that the privacy and
> security of all on-line communication is preserved. Founded in 1990 as a
> nonprofit, public interest organization, EFF is based in San Francisco,
> California. EFF maintains an extensive archive of information on
> encryption policy, privacy, and free speech at http://www.eff.org.
>

--

Don't go lookin' for snakes you might find them. ...Metallica

<> tbyars@earthlink.net <>