
Mailing List Logs for ShadowRN

Message no. 1
From: "Robert A. Hayden" <hayden@*******.MANKATO.MSUS.EDU>
Subject: Help Crack DES
Date: Wed, 9 Apr 1997 15:04:07 -0500

Just forwarding this along. Thought you might be interested. Go to the
web page for the software and current progress statistics.



DESCHALL Group Searches for DES Key

Sets out to prove that one of the world's most popular encryption
algorithms is no longer secure.

COLUMBUS, OH (April 9, 1997). In answer to RSA Data Security, Inc.'s
"Secret Key Challenge," a group of students, hobbyists, and
professionals of all varieties is looking for a needle in a haystack
2.5 miles wide and 1 mile high. The "needle" is the cryptographic key
used to encrypt a given message, and the "haystack" is the huge pile
of possible keys: 72,057,594,037,927,936 (that's over 72 quadrillion)
of them.

The point? To prove that the DES algorithm -- which is widely used in
the financial community and elsewhere -- is not strong enough to
provide protection from attackers. We believe that computing
technology is sufficiently advanced that a "brute-force" search for
such a key is feasible using only the spare cycles of general purpose
computing equipment, and as a result, unless much larger "keys" are
used, the security provided by cryptosystems is minimal.

Conceptually, a cryptographic key bears many similarities to the key
of a typical
lock. A long key has more possible combinations of notches than a
short key. With a very short key, it might even be feasible to try
every possible combination of notches in order to find a key that
matches a given lock. In a cryptographic system, keys are measured in
length of bits, rather than notches, but the principle is the same:
unless a long enough key is used, computers can be used to figure out
every possible combination until the correct one is found.

In an electronic world, cryptography is how both individuals and
organizations keep things that need to be private from becoming public
knowledge. Whether it's a private conversation or an electronic funds
transfer between two financial institutions, cryptography is what
keeps the details of the data exchange private. It has often been
openly suggested that the US Government's DES (Data Encryption
Standard) algorithm's 56-bit key size is insufficient for protecting
information from either a funded attack, or a large-scale coordinated
attack, where large numbers of computers are used to figure out the
text of the message by brute force in their idle time: that is, trying
every possible combination.

Success in finding the correct key will prove that DES is not strong
enough to provide any real level of security, and win the first person
to report the correct solution to RSA $10,000.

Many more participants are sought in order to speed up the search. The
free client software (available for nearly every popular computer
type, with more on the way) is available through the web site. One
simply needs to follow the download instructions to obtain a copy of
the software. Once this has been done, the client simply needs to be
started, and allowed to run in the background. During unused cycles,
the computer will work its way through the DES keyspace, until some
computer cooperating in the effort finds the answer.

If you can participate yourself, we urge you to do so. In any case,
please make those you know aware of our effort, so that they might be
able to participate. Every little bit helps, and we need all the
clients we can get to help us quickly provide an answer to RSA's

Contact Information

* Media Contact
  Matt Curtin +1 908 431 5300 x295
* Alternate Contact
  Rocke Verser, Contract Programmer, +1 970 663 5629
* Web Site
* Mailing List
  To subscribe, send the text subscribe deschall to
  <majordomo@**********> and you'll be emailed
* RSA Data Security Secret Key Challenge '97 Site




Robert A. Hayden hayden@*******
-=-=-=-=-=- -=-=-=-=-=-

Version: 3.12
GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+
K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++
R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+**


These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.