Re: The Upcoming DES Challenge
At 06:56 PM 1/6/97 -0800, Mike Duvos wrote:
Peter Trei (trei@process.com) writes:
Ick. Why overly complexify things? A known plaintext attack would be far more straightforward. After all, the goal is to recover the key, not the message. Having to find a key which decrypts to something having all high bits clear will discourage people who might want to take a crack at this independent of the canned program you are going to distribute.
I agree. A real life crack of DES can almost always assume a known plain text. Why should the demo crack take the 10% hit?
[snip]
It will NOT run as a screen saver.
Too bad. The screensaver paradigm is something the unwashed masses can easily understand.
I have been running the distributed prime search software (see my .sig) for about two months now. [2^1398269-1 is prime!] If you haven't tried this software, I'd urge you to do so now. Not only because it might make you famous, but because it will give you some ideas how a distributed DES crack might work.
I always liked the screen saver idea, but a crack using screen savers only works while the screen saver is active. The Mersenne prime program runs on the lowest priority thread under Win95/NT/Linux. It works even while you are working, using all the idle cycles it can find, while at the same time having no effect at all on any of the work you do. Install it and forget about it. It's better than a screen saver.
-- Lucky Green
mailto:shamrock@netcom.com
PGP encrypted mail preferred
Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm
It will NOT run as a screen saver.
Too bad. The screensaver paradigm is something the unwashed masses can easily understand.
I have been running the distributed prime search software (see my .sig) for about two months now. [2^1398269-1 is prime!] If you haven't tried this software, I'd urge you to do so now. Not only because it might make you famous, but because it will give you some ideas how a distributed DES crack might work.
I always liked the screen saver idea, but a crack using screen savers only works while the screen saver is active. The Mersenne prime program runs on the lowest priority thread under Win95/NT/Linux. It works even while you are working, using all the idle cycles it can find, while at the same time having no effect at all on any of the work you do. Install it and forget about it. It's better than a screen saver.
I agree with Lucky. It may not be as easy for the great unwashed to comprehend, but the low-pri thread is the best way to go to maximize cpu time on the project. I too am running the Mersenne software on my system (and 5 others), but that project will go on hold once a stable version of the DES cracker is available.
Btw: the person implementing the software may want to take a look at the software the GIMPS search is using. It is simple, yet effective.
amp
------------------------
Name: amp
E-mail: amp@pobox.com
Date: 01/07/97
Time: 06:51:34
Visit http://www.public-action.com/SkyWriter/WacoMuseum
EARTH FIRST! We'll strip mine the other planets later.
------------------------
Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm
This .sig and the DES challenge gave me an idea that I'd like to bounce off the list.
One of the things about these screensaver style cracking/searching programs is the hassle in downloading/installing the programs. There's also the problem of maybe downloading some trojan. And they need to be changed any time there's a new problem or key to work on (or a bug). The whole thing is so cumbersome that it's easy to claim it's not really a practical attack, or that it costs too much.
However, what if there was a safe scripting language with bignum arithmetic and other cryptographic primitives, and what if lots of people ran a service that would accept scripts in that language and respond with the answer? Say, a Safe-TCL interface to Peter Gutmann's cryptlib, running at idle priority? Sort of like a distributed batch queue, and also a bit like the way jobs are (were?) submitted to Crays. The Cypherpunks Super Computer. It need not be significantly slower than raw code if the primitives are high level enough.
I think this would be technically quite interesting, and would maybe play well in the media too. In response to the "it would cost too much to be _really_ practical" claim, anyone could always note that there was this distributed cypherpunks supercomputer that anonymous people could use to break keys with for free.
I'd be happy to code something like this up if there's interest. Comments?
Cheers,
Frank O'Dwyer.
"Frank O'Dwyer"
However, what if there was a safe scripting language with bignum arithmetic and other cryptographic primitives, and what if lots of people ran a service that would accept scripts in that language and respond with the answer? Say, a Safe-TCL interface to Peter Gutmann's cryptlib, running at idle priority? Sort of like a distributed batch queue, and also a bit like the way jobs are (were?) submitted to Crays. The Cypherpunks Super Computer. It need not be significantly slower than raw code if the primitives are high level enough.
Perl 5.0 has a better, simpler, safety mode than Java (and probably Safe-TCL too), and runs on more machines. It is also the standard for CGI, so anyone already running CGI could simply add a perl-based crypto service.
Dave
participants (4)
- amp@pobox.com
- David Wuertele
- Frank O'Dwyer
- Lucky Green