Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

November 10, 1997, Section: Internet Reseller

NOT A GAME:Contest run to prove unacceptable levels allowed for U.S. export -- Team Cracks RSA's 56-Bit Encryption Code

By Charlotte Dunlap

Redwood City, Calif. -- It took 72 quadrillion different key formats, but a team of computer whizzes beat RSA Data Security Inc.'s challenge to crack its 56-bit RC5 encryption code.

Just a walk in the park for the more than 4,000 teams of computer programmers who referred to themselves as the Bovine RC5 Effort team, after tapping tens of thousands of computers strung across the Internet to run the different numbers.

RSA, based here, established the contest earlier this year to prove that the current level of encryption allowable for U.S. export is vulnerable and unacceptable.

However, the more interesting part of the story is the group behind the project.

Three computer programmers who have other jobs in the industry got together 250 days ago and decided to go after the RSA challenge in their spare time and for no money. Naming their nonprofit organization Distributed.Net, they managed to rally thousands of people around the world into linking their desktop computers via the Internet with Distributed. Net's computer, which acted as the back-end computer.

David McNet, a co-founder of Distributed.Net, said he took on the project to test the limits of distributed computing. As a result of the cooperation, which brought together tens of thousands of computers throughout the world, his organization now claims to operate the largest computer in the world.

"Our sole purpose is developing distributing computing technologies. We are trying to determine what is possible by linking consumer-grade machines over the Internet," McNet said. "What we give back is to focus this computer energy toward altruistic purposes, such as [discovering] ever larger prime numbers, or performing the RC5 encryption strength test."

The RSA test was the group's first project. It is now in discussions with a group searching for extraterrestrial beings that would require Distributed.Net to sift through the raw data from a radial telescope. "What distributed computers lend themselves to are the tasks that require extreme amounts of computational ability," McNet said. He supported RSA's stand on the vulnerability of encryption being shipped offshore. Current U.S. export laws limit international versions of encryption to be limited to 40 bits and, in some cases, 56 bits.

"The fact that a group of volunteers can band together in their spare time and decrypt 56-bit encryption really shows that the current level is insufficient," he said. "An organization or a government with unlimited funds or any kind of funds and a lot more motivation could have accomplished what we did." He said the experiment proves that an immense amount of power can come from a desktop computer if networked with many others, more than even a multimillion-dollar supercomputer.