...

...

...

...

...

"Dave Emery" <die@pig.die.com> pessimised:

...

[... the tools are too expensive...] [... and the skills required are too high...] [... for anyone on cypherpunks...]

Come on, Dave, this isn't alt.2600!

I want to immediately applogize to the list readership if anything in my posting seems to imply that I doubted that some of the list members possess the skills or brainpower to build a key cracker. I am sure a considerable number (at least by comparison with most other net communities) do, and many more certainly have the raw brainpower to learn the required technology if not currently up on it. Motivation and available time are another matter however. My only disparaging comment (at least as intended by me) was that the task was probably beyond some of the alt.2600 type crackers who primarily use canned programs and scripts to perpetrate their attacks. That comment was actually intended as a left handed warning about the advisablity of releasing a readily reproduced hardware key cracker design to the world at large. This seems especially true if entire FPGA array PC plugin boards are becoming a commodity item and readily available and the cracker recipe is buy one of those and install this canned software on it.

Most of the subscribers to this list are professionals -- engineers, programmers, mathematicians, lawyers -- not phone phreaks. I'm sure that there are more than a few of us with the knowledge, experience, and free access to the resources needed to handle most relatively small-scale designs like this.

(It's like saying that no one on cypherpunks has access to the distributed computing resources necessary to perform other sorts of brute-force cracking -- which is patently ludicrous.)

I'm sorry, but rereading my post I simply don't find the statement that cypherpunks readers couldn't carry out the task, My comments were directed at the original cost and effort estimates that I thought were a little low - I'm certainly aware that many cypherpunks list members are working professionals or grad students/researchers with very considerable "free" resources at their beck and call. And even the pessimistic resource estimate I posted is not beyond motivated people. particularly if they see a large profit or advantage in it. But most importantly I may be making a very nieve assumption about the list readership - that it is mostly good guys and not thieves preparing to rip off hundreds or thousands of credit card numbers/ bank access codes from the Internet for gain. It is the implication that for this thief group it would be an easy $400 project to *design* and build a useful key cracker that I was challenging. (I might add that there certainly are other easier ways of obtaining large numbers of credit card numbers and access codes by such means as tapping unencrypted non-Internet data or voice communications and/or altering existing credit card terminal firmware to make it save up and deliver credit card numbers via a backdoor or bugging device. Gaining illegal access to the phone cables or credit terminals at a mall is certainly easier for most crackers and more typical of their experiance base than designing efficient pipelined key schedulers that fit into an FPGA). Presumably most of the competant, talented cypherpunks who could easily design a cracker are already far too well paid for these design skills to have much of any motivation to build such hardware for criminal purposes. And I might add that to my knowlage (admitedly rather limited) I know of no hardware crackers having been built with this technology (at least outside of the classified world). If it really is a simple trivial project that can be carried out with $400 worth of resources why aren't there NYT front page articles about someone having built a useful one and cracked something ? There certainly are lots of ambitious young grad students with lots of resources available to them and time to do this who would love to make their reputation by being the first to crack DES in under a week ...

For instance, from where I'm sitting in my *home* office, I can see the full development packages for Xilinx and AT&T FPGAs, Viewlogic VHDL, schematic, and simulation tools, an HP 1660A logic analyser, and a Tek THS 720 500 MHz digital scope.

You have better tools than I do (I have a 16500B for example rather than a 1660A (which I'd love), but not hugely so, and I've been mostly semi-retired, taking a sabbatical to care for my newborn son and haven't wanted to spend the money to update resources I'd be largely using occasionally for very casual playing.

And I doubt if I'm the only one here who does this for a living.

Judging from other posts I've seen I have little doubt. Certainly I have done related stuff in the past...

The problem isn't resources, but time and motivation -- what sort of situation would it take to get me (for instance), and one of cypherpunk's cryptography wizards, to take the time to collaborate on something like this.

I completely agree. But I'd be surprised if it took much of a crypto wizard to do a brute force cracker as a just a simple brute force cracker. The task would demand much more of the skills of a good clever parallel logic designer to figure out how to effectively pipeline the well known and well defined crypto algorithms within the constraints of a still limited FPGA. What a crypto wizard might add might lie more in the direction of optimized strategies for key generation and scheduling to reduce the number of clock ticks and or gates devoted to this. The game of course is how many keys per second per dollar... anyone can build something that will eventually try a key, it is building something that will try keys at a maximum rate on cheap hardware that is interesting. (Sorry to take so much list bandwidth on this).. Dave Emery die@die.com