Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

Worldwide Effort Cracks DES

23 June 1997, ZDNet

Worldwide Effort Cracks DES

It took 18,859,645,992,960 tries, but Michael Sanders' Intel Pentium 90MHZ computer late Monday night cracked the Data Encryption Standard, the U.S. government's standard for encryption.

While it took a concerted, worldwide effort for over five months to smash through DES, it is enough for security companies to raise a red flag to the U.S. government that accepted standards for encryption are fast becoming unacceptable. And it may be used for fuel in the push to convince the U.S. government to loosen export standards since foreign customers will want more secure products. The government forbids the export of products using encryption codes that come near the 56-bit DES.

DES has in fact been long rumored to be insecure. When the government made it the standard protection for use in banking transactions and government agencies in 1972, it drew the ire of computer specialists even then who questioned if it was good enough.

"DES was designed before average people had computers. It ran up against an irresistible force - the combined power of thousands of off-the-shelf computers," said Scott Schnell, vice president of marketing for RSA Data Security, Inc.

Sanders will share in a $10,000 reward RSA put up in January to anyone who could crack DES. Taking the other slice of the prize money is Rocke Verser, a Loveland, Colo.-based encryption specialist who wrote the software to test DES keys.

Sanders, who works for a iNetZ Corp., a Salt Lake City-based Internet Service, is one of thousands of Netizens who participated in what is likely the largest distributed computing effort to be staged over the Internet.

The encrypted message they were after was "Strong cryptography makes the world a safer place."

Handing over the $10,000 prize is a slight pain for Redwood City, Calif,-based RSA, which can now claim that the world needs better protection and should therefore stop using the freely distributed DES and buy the company's tools for more power encryption.

At peak computer power, the distributed effort could have solved the puzzle in 32 days, said Schnell.

Even though Verser wrote the software that broke the code, he said that people needn't become concerned. After all, of the 72 quadrillion possible keys, the distributed effort over nearly five months had to test about 18 quadrillion of them before Sanders found the right one.

"We showed for real that DES has some weaknesses and it's not secure against a committed adversary," said Verser. But the effort also showed how the Internet can be used for widespread, distributed computing efforts, said Verser.

While he is certain thousands of people participated regularly in running tests of DES keys, on a peak day last Saturday, 14,000 computers accessed his server to download keys for testing.



[ Back | Home | Products | Security News | Security Links | Download | Resources | Press | Employment | Contact | About ]

CryptoSoft GmbH

Feedback: webmaster@cryptosoft.com
 Copyright ©1995-1998 Cryptosoft GmbH
All Rights Reserved