...

At 3:06 AM 7/23/96, Steve Reid wrote: Did you consider the possibility of DES chips in your back-of-the-envelope calculations? They are hundreds of times faster than PCs. I don't know where to get them or how much they cost, though. I would expect they wouldn't be too expensive. The cash might be better spent on DES chips than on a prize.

Specialized DES-cracker chips have of course been considered.

Actually hardware DES can be thousands of times faster than PCs. The problem with using commercially available DES chips is that you need to load keys, do encrypts and XOR the output with the ciphertext looking for all 0's or all 1's, in a serial fashion. Commercial DES chips don't have the facilities for doing comparisons or loading a new key while encrypting with the previous, not to mention the ability to increment the key value.

The advantage of the cracks done last year, the French and Australian cracks, and the MIT cracks, were that the "entry costs" for joining the project were low.

--Tim May

The lowest cost entry for hardware crackers would probably be FPGA based (lower NRE). I could design one that would do say 2 - 4 million DES ops per second and cost less than 60 dollars (a PCI interface and cheap card). Anyway, hardware cracking can be done on a smaller scale than Wieners 30 Million DES ops/second, and it could still prove valuable. The good news is that software and hardware efforts are no more incompatible than using different performing machines. If someone steps forward with 1728 Giga DES ops machine, they can have as much of the key space as they can handle. I could probably manage a 100 M DES ops hardware machine before my wife wondered what I was spending the money for the new driveway on (and I would use reprogrammable FPGAs). I would also be inclined to run software on a couple of workstations at home, and an incidental PC or Alpha at work.