DES Key Recovery Project, Progress Report #7 Friday, Jan 23 1997 Peter Trei Next Tuesday morning, 9AM, RSA is scheduled to release the 'real' $10,000 DES challenge data. My software is in a state where it can be used for the challenge, though there is room for improvement. It currently tests about 185,000 keys/sec on my 90MHz machine. This translates to about 205,000 keys/sec on a 100 MHz machine. I still have to replace my DES round, which takes 25 clock cycles, with Svend Mikkelsen's, which takes only 18. Since the DES rounds are well over 80% of the work, this should boost the speed to over 250,000 keys/sec at 100 MHz. If I'm lucky, I'll perform this conversion over the weekend. I've sent out early betas to a few people for porting, but have had no feedback yet. I've approached several restricted FTP sites as possible distribution sites, and have had some positive responses, but nothing definitive yet. I'm being pretty strict in my interpretation of EAR for this purpose. In advance of the challenge, I'm willing to email copies as a ~100k uuencoded zip file to people, but to do so, you must comply with the following: 1. Send the request to ptrei@acm.org, NOT trei@process.com. I won't be able to read the latter for the next 10 days. 2. Include your 'true name' and residence address, as well as the email address to which it should be sent, . 3. A statement of your nationality. I'll mail it only to US Citizens, Canadian citizens, and US Green Card holders, residing in the US or Canada. 4. A statement to the effect that you understand that this is restricted code, and that cannot be exported or given to non-US/Canadian citizens I'm going to hold this information in strict confidence, and will surrender it only to a valid court order. It's similar to what you have to go through to download the domestic version of Netscape Navigator or PGP from MIT. You are free to distribute the software further. If you've complied with the requirements above, I believe that at that point I've done more than due diligence under ITAR/EAR. My software gets it's challenge data either from a text file cut-and-pasted from the RSA page, or from internally stored data. Tuesday night, I'll recompile the program with the real challenge data, and redistribute. My version runs on WinNT or Win95, on 486's and above. It's set up as a console app, which can run in background. I don't yet have a version for Win 3.1 or below 486, but may do in the future. The software is set up in such a way that it can be used either on a standalone system, or in a LAN environment with shared disks. The latter has a slightly more complex setup, but will allow many machines to share one executable and results file. I envisage people installing one copy on a shared disk in their workplace, and then adding the appropriate commands to the autoexec.bat file of every machine they can, so the program will start running whenever the machine is booted. (I HOPE you get permission!). The distribution includes both source and the Win32 executable. The source includes both fast Intel assembler, and much slower generic 'C'. There's nothing that's really Microsoft specific in the code - it should be easy to port to other systems with 32 bit or better processors. I'm attempting to do a 'PGP style' distribution with a signed, nested zip file. The signing key I'm using is available at http://www.ziplink.net/users/trei/crypto.html (I hope I've done this right). I'm only going to send out signed archives. If you get one where the signature fails, or one lacking a signature, I repudiate it - and you should be suspicous of it. I'll be trying to set up that URL as a page describing the project, with info on other efforts, and FAQs. Once the challenge starts, I hope you'll all evangelize it to your friends and acquaintences. I'd like to see 100,000 machines trying for the $10,000. All next week I'm in the San Francisco area (I'm flying out in a couple hours). I'll be attending the Verisign Partner's Day on Monday, and I'll be at the RSA Data Security Conference Tuesday through Friday. I'll be trying to read cypherpunks and coderpunks at least once a day, along with checking mail to ptrei@acm.org. I can't read cryptography@c2.net from an archive, so I will not see it unless it cc's ptrei@acm.org (Perry, could you temporarily subscribe ptrei@acm.org?) Happy hunting! Peter Trei ptrei@acm.org