First, the official PR release: --------------------------------------------------- Distributed Team Collaborates to Solve Secret-Key Challenge Contest designed to keep the cryptographic community updated on new achievements and help organizations maintain highest levels of security Bedford, MA, Thursday, September 26, 2002 - RSA Laboratories, the research center of RSA Security Inc. (Nasdaq: RSAS), the most trusted name in e-security(r), today announced that a coordinated team of computer programmers and enthusiasts, known as distributed.net, has solved the RC5-64 Secret-Key Challenge. The distributed.net team solved the challenge in approximately four years, using 331,252 volunteers and their machines. Distributed.net receives a cash prize of $10,000 for solving the challenge. Established in 1997, RSA Laboratories' Secret-Key Challenge is offered to quantify the strength of symmetric encryption algorithms such as DES and the RC5(r) algorithm with various key sizes. By sponsoring an actual contest, RSA Laboratories helps the industry confirm theoretical estimates, and through this constant evaluation, vendors are motivated to continue to improve their security solutions. The distributed.net consortium utilized the idle time of computers throughout the world to search through the list of all possible 64-bit keys for RSA Security's RC5 algorithm to find the one secret key selected at random by RSA Laboratories that decrypts a given message correctly. RSA Laboratories sponsors a series of cryptographic challenges that allow individuals or groups to attempt to solve various encryption "puzzles" for cash prizes. The RC5-64 Challenge is one of a series of contests held to determine the difficulty of finding a symmetric encryption key by exhaustive search (trial-and-error). Previous contests include the DES Challenge, the RC5-40 Challenge and the RC5-56 Challenge. "We're very appreciative of all the volunteers who offered their time and computer's idle processing time to help solve this challenge," said David McNett, distributed.net co-founder and president. "We have once again shown how collective computing power can be applied to security technology with ordinary PCs. We look forward to future RSA Laboratories-sponsored challenges that will assist in helping the cryptographic community gauge the strength of an algorithm or application against exhaustive key search." "RSA Security congratulates the distributed.net team in solving the RC5-64 Secret-Key Challenge," said Burt Kaliski, chief scientist at RSA Laboratories. "We appreciate the persistence of distributed.net and the many individuals involved in completing the search for this one key. Their work helps the industry confirm how much work is involved to search exhaustively for a key - and how a huge volume of computing time can be harnessed. The various challenges we sponsor are very useful for tracking the state of cryptographic achievements and helping ensure that organizations are maintaining the highest levels of security to protect their most critical data assets." ---- About RSA Security Inc. RSA Security Inc., the most trusted name in e-security, helps organizations build trusted e-business processes through its RSA SecurID(r) two-factor authentication, RSA ClearTrust(r) Web access management, RSA BSAFE(r) encryption and RSA Keon(r) digital certificate management product families. With approximately one billion RSA BSAFE-enabled applications in use worldwide, more than 12 million RSA SecurID authentication users and almost 20 years of industry experience, RSA Security has the proven leadership and innovative technology to address the changing security needs of e-business and bring trust to the online economy. RSA Security can be reached at www.rsasecurity.com. RSA, RC5, BSAFE, ClearTrust, Keon, SecurID and The Most Trusted Name in e-Security are registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. --------------------------------- A personal note: In case people are wondering, the key turned out to be 63 DE 7D C1 54 F4 D0 39 and the encrypted message was

"The unknown message is: Some things are better left unread."

I'm really happy with this - I wrote to Jim Bidzos proposing the contests way back in the fall of 1996, long before I came to work at RSA. At the time, I was aimed at killing DES, and creating pressure to ease the export limits on key size (they had just been raised from a ludicrous 40 up to 56. I didn't think this was good enough). I feel that I entirely suceeded. So I was in at the start of the contests, and at the end of this one (I was one of the two people at RSA who independently confirmed the decryption). I expect that this will be the last one attacked for a while - the next keylength is 72 bits, and at d.net's current rate, that would take them several centuries. Peter Trei --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com