Tim May <tcmay@got.net> writes:
At 10:54 AM -0700 6/24/97, Adam Back wrote:
$100,000 for a machine to break DES in an average of 35 hrs
...
35 hours sounds a reasonable amount of time to break a Swift banking transfer key protecting trillions of dollars of funds.
Show me the money! A DES break that resulted in a loss of several tens of millions of dollars, suitably publicized, would be both educational and rewarding.
We often talk about the "threat model." But what's the _profit model_ for breaking DES?
Who says it hasn't been done? It's not as if the banks would be keen to advertise this. You remember a while back some Russians (including one "mathematician" according to news reports) had succeeded in fleecing a US bank of several mil and routing the money to various banks around the world. Until they got caught. The news reports said the US bank(s) wanted to talk to him to find out how he did it. I was always curious as to what that Russian did to crack bank security. I conjecture that it is possible that he built a wiener machine, and that the bank hushed up the story. (And switched to 3DES post haste:-) Also re. $100k = price of a ferrari and there are plenty of mobsters around with that kind of money, that price was 1993 price. Maybe at 1997 prices $100k would get you down to a few hours again. How small are the moving windows? Re. the "profit model" there were several possibilities discussed around the time the DES crack was starting, before Peter Trei persuaded RSA to make a challenge. One was a european ATM card which had a master DES key, and this was part of some standardisation thing (each bank had it's own DES key, plus all participating banks allowed this master key). But it's not much fun making profit off ATM machines -- they have cameras in them, and the cash you can draw on one card in a 24hr period isn't that much. You'd have to produce hundreds of faked cards, and have a whole host of accomplices running around emptying cash machines. Tricky logistics, many participants -> increased chance of getting caught. Not that easy to cash in on. One factor that hasn't really been discussed much is the possibility of amortizing cost. You build the DES breaking machine, and if you use it to break 1000 DES keys, that's $1k per key. Starting to open up even lower end applications with good organisation. I'm sure there were a couple of things discussed where there were some interbank transfers which relied on DES. Moving window means you've got to break the keys fast, as you say. Also I wonder how easy it is to siphon the money and make it disappear with all the auditing. (aka may be you could invest 1 mil and build a fast key breaker, transfer lots of money, but so what if the audit trail points fairly and squarely at you? Cash the money quick and buy unconditional immunity in Belzize?) btw I now have a text only version of the wiener paper up on: http://www.dcs.ex.ac.uk/~aba/crypto-papers/ sans diagrams. (ps2ascii is your friend). As well as the postscript. Some people can't handle postscript. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`