At 10:51 PM +0100 6/26/97, Adam Back wrote:

Peter Trei <trei@process.com> writes:

...

...

[DES breaking]

[useful stats] Perhaps it would be interesting to look at the economics of a well funded attacker breaking a 512 bit RSA key. If we asume that they would do it in software, and had to buy the machines, would you be better to buy fewer workstations with 128Mb or lots with 16Mb. Factor of 17 speed up using GNFS acording to your estimates of DES, and Lenstra's for GNFS RSA.

So perhaps we're looking at motherboard $100, cpu $100, PSU+case $100 + 16Mb RAM $100 = $400. The same, but with 128Mb $1100.

So that's a 1100 / 400 = 2.75 ratio. Clearly buying the larger memory PCs is the way to go.

Overall GNFS is 6x cheaper it would appear.

However, really the interesting question is how much would it cost to break RSA in hardware. How expensive would it be to build a custom hardware machine to break RSA. What building blocks would be needed. How much memory. What would be the most efficient approach.

Seems that unless future crypto breaks compromise something everybody can appreciate, they be little lasting PR value. Colin Plumb, colin@nyx.net, said

I don't know if everyone is aware, but all of the ATM cards floating aroud use DES to protect the PIN. With ine key sealed in tamper-proof. Wouldn't *that* be a fun key to have?

The details are published somehwere. Basically, you encrypt some card info to get a 16-character hex string. Some 4 nybbles of that, reduced mod 10 (so 0-5 are more likely than 6-9) are the "master PIN".

An offset from this (added per-digit, mod 10) is stored in clear on the card to allow programmable PINs. But most cards ship with the offset set to 0 and the default PIN is the master PIN.

You just need a few people with closed accounts to volunteer their ATM cards to mag stripe readers. The work would be somewhat greater since you need to do multiple decryptions to get a full validation; you'd need to do weed out the impossible in stages.

I'm not sure if the fraud possibilities (it lets you recover the PINs from stolen ATM cards) are worth it, but it would sure raise a ruckus... -- -Colin

The crack project should publish all schematics and source prior to the project start and the key server should definitely be offshore, since US regulatory agencies might step in to prevent the experiment from reaching its conclusion. I think one of the list's lawyers should investigate the legal risks to the participants. I have an account I'm willing to donate for the experiment. --Steve PGP mail preferred Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear | tel: (702) 658-2654 CEO | fax: (702) 658-2673 First ECache Corporation | 7075 West Gowan Road | Suite 2148 | Las Vegas, NV 89129 | Internet: azur@netcom.com --------------------------------------------------------------------- I know not what instruments others may use, but as for me, give me Ecache or give me debt. SHOW ME THE DIGITS!