Bullshit RE: HACKERS SMASH U.S. GOVERNMENT ENCRYPTION
I actually got a kick out of reading the bullshit in the press release.
Oakland, California (June 18, 1997)-The 56-bit DES encryption standard, long claimed "adequate" by the U.S. Government, was shattered yesterday using an ordinary Pentium personal computer
Actually it was more than 70,000 clients working together
"That DES can be broken so quickly should send a chill through the heart of anyone relying on it for secure communications,"
I'm shitting bricks. No mention was made that only 25% of the keyspace was tested.
"Unfortunately, most people today...
Unfortunately some companies depend on BS to sell products. Glad to see C2Net is no different, [Rest of the noise removed] You should have given credit to DESCHALL whose effort is to be applauded.
"That DES can be broken so quickly should send a chill through the heart of anyone relying on it for secure communications,"
I'm shitting bricks. No mention was made that only 25% of the keyspace was tested.
Not only that, but single DES with a 56 bit key is just not being used anymore in any company which has the slightest clue. If they can run a distributed crack on 3DES with independent subkeys then I`ll give them some attention. I`m not downgrading the effort, Joe "wired reader" Sixpack doesn`t know the difference between DES, 3DES and his ass anyway, so it is a significant publicity stunt that will get normal non-specialist people thinking about the export laws, and about how quickly DES can be broken by the government if it can be broken by a few guys on the internet in months. All I am saying is that looking at it from a purely scientific point of view it is not a great cryptanalytic achievement, merely a PR stunt.
Unfortunately some companies depend on BS to sell products. Glad to see C2Net is no different,
What did you expect?

Datacomms Technologies data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: FC76DA85
"Don`t forget to mount a scratch monkey"
On Thu, Jun 19, 1997 at 09:21:59AM +0000, Paul Bradley wrote:
"That DES can be broken so quickly should send a chill through the heart of anyone relying on it for secure communications,"
I'm shitting bricks. No mention was made that only 25% of the keyspace was tested.
Not only that, but single DES with a 56 bit key is just not being used anymore in any company which has the slightest clue.
This is false, of course. Many companies with the slightest clue use single DES. Also, someone pointed out that the combined efforts probably had independently done 50% of the keyspace.
If they can run a distributed crack on 3DES with independent subkeys then I`ll give them some attention.
I`m not downgrading the effort,
This is false, too. Doublespeak at its finest.
Joe "wired reader" Sixpack doesn`t know the difference between DES, 3DES and his ass anyway, so it is a significant publicity stunt that will get normal non-specialist people thinking about the export laws, and about how quickly DES can be broken by the government if it can be broken by a few guys on the internet in months. All I am saying is that looking at it from a purely scientific point of view it is not a great cryptanalytic achievement, merely a PR stunt.
It is a *GREAT* achievement on several fronts, crypto included. Another front that was equally important, IMO was as a demonstration of what loosely coordinated distributed computing can do. Of course, it was also a PR stunt, and it is working on that front, as well.

--
Kent Crispin "No reason to get excited",
kent@songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
Not only that, but single DES with a 56 bit key is just not being used anymore in any company which has the slightest clue.
This is false, of course. Many companies with the slightest clue use single DES.
Well, maybe I should have said companies with the slightest clue *should* not be using 3DES, of course a lot of them are advised wrongly that single 56 bit DES is hard to break, indeed the susceptibility of single DES to differential and linear cryptanalysis leaves me with a low level of confidence about single DES period. Of course one could also say that by extension there is no reason why these methods of cryptanalysis could not be adapted to 3DES, I believe the NSA once claimed to have known about differential cryptanalysis since the 1970s??? in that case they are the ones who could, but won`t, tell you if in time 3DES can be broken by the same means as reduced round single DES.
Also, someone pointed out that the combined efforts probably had independently done 50% of the keyspace.
Yes, I think that even accounted for the expected duplication of keyspace searched by the different efforts, it was a resounding success overall.
If they can run a distributed crack on 3DES with independent subkeys then I`ll give them some attention.
I`m not downgrading the effort,
This is false, too. Doublespeak at its finest.
Foo. I said I applauded the effort from a publicity point of view, it gets the message out there to the public that a bunch of guys with normal home PCs can break the encryption the government has been telling them is strong. From a technical point of view it is unsurprising, can you honestly tell me you were surprised a distributed crack got 56 bit DES??? Therefore there are two sides to it, it is a good thing, and <yawn>...>
significant publicity stunt that will get normal non-specialist people thinking about the export laws, and about how quickly DES can be broken by the government if it can be broken by a few guys on the internet in months. All I am saying is that looking at it from a purely scientific point of view it is not a great cryptanalytic achievement, merely a PR stunt.
It is a *GREAT* achievement on several fronts, crypto included. Another front that was equally important, IMO was as a demonstration of what loosely coordinated distributed computing can do.
Yes, I do in fact, and I had not really considered this side of it so I thank you for bringing it to my attention, recognise the significance of the achievement from the distributed computing angle, it could so easily have gone spaghetti-wise. I just don`t recognise any real groundbreaking achievement in crypto terms, but of course it cost nothing, a hardware crack would have done it in days, but that is a different matter altogether, in both financial and PR terms, it would not be that impressive to crack DES with a custom DES cracker Wiener style, the real PR coup is that it was broken by an average home PC.

Datacomms Technologies data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: FC76DA85
"Don`t forget to mount a scratch monkey"
At 03:35 PM 6/18/97 -0500, ARTURO GRAPA YSUNZA wrote:
I actually got a kick out of reading the bullshit in the press release. ... You should have given credit to DESCHALL whose effort is to be applauded.
I mostly agree with Arturo, especially about giving credit and indicating how many machines were participating. Publicity about how the Feds are trying to push weak crypto on us is worthwhile - the timing was especially pleasant given Kerrey's new anti-crypto bills in Congress. Sameer's post did two things - hyped his own company (hmmm :-) and provided an opportunity for good inflammatory rhetoric. On the other hand, DES really is _much_ weaker than the DESCHALL project indicates - Intel CPUs aren't at all tuned for DES cracking, whereas a custom DES-cracker with similar horsepower could have done the job a lot faster. If I remember right, Wiener's design used 64,000 chips, about as many as there were PCs working DESCHALL, for a crack that would take hours instead of months.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)
Bill Stewart wrote :
On the other hand, DES really is _much_ weaker than the DESCHALL project indicates - Intel CPUs aren't at all tuned for DES cracking, whereas a custom DES-cracker with similar horsepower could have done the job a lot faster. If I remember right, Wiener's design used 64,000 chips, about as many as there were PCs working DESCHALL, for a crack that would take hours instead of months.
The way I like to look at it, it should be easy these days to do a compiled custom chip deeply pipelined enough to try one key per clock. And ASICs running at 200 MHz aren't that uncommon these days. That is one key every 5 nanoseconds, or .2 billion keys a second, thus only about 40 of these chips (a medium size board's worth which could sit in a single PC slot) could equal the maximum rate the huge distributed crack attained as documented in Sameer's press release.

Dave Emery
die@die.com
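The hardware estimate in the post above can be carried through numerically. The following is an added example, not part of any poster's message: the function names are illustrative, and applying the 200 MHz one-key-per-clock chip to the 64,000-chip count from Bill Stewart's post is an assumption made here.

```python
"""Key-search cost model for the hardware estimate in the post above.

Added illustration; names are hypothetical, figures come from the thread.
"""
import math

DAY = 86_400.0
YEAR = 365.25 * DAY

def keys_per_second(chips, clock_hz, keys_per_clock=1.0):
    """Aggregate trial rate of fully pipelined chips (one key per clock)."""
    return chips * clock_hz * keys_per_clock

def search_seconds(key_bits, rate, fraction=1.0):
    """Seconds to sweep `fraction` of a 2**key_bits keyspace at `rate` keys/s.

    For a uniformly random key, sweeping a fraction f finds it with
    probability f, so fraction=0.5 gives the expected search time.
    """
    if not 0.0 < fraction <= 1.0:
        raise ValueError("fraction must be in (0, 1]")
    if rate <= 0:
        raise ValueError("rate must be positive")
    return fraction * 2 ** key_bits / rate

def chips_needed(key_bits, clock_hz, deadline_s, fraction=1.0):
    """Smallest chip count that sweeps `fraction` of the keyspace in time."""
    return math.ceil(fraction * 2 ** key_bits / (clock_hz * deadline_s))

def scenarios(clock_hz=200e6):
    board = keys_per_second(40, clock_hz)     # the 40-chip board in the post
    farm = keys_per_second(64_000, clock_hz)  # assumed: same chip, 64,000 of them
    return {
        "board_full_des_days": search_seconds(56, board) / DAY,
        "board_quarter_des_days": search_seconds(56, board, 0.25) / DAY,
        "farm_full_des_hours": search_seconds(56, farm) / 3600,
        "chips_for_one_day": chips_needed(56, clock_hz, DAY),
        # 3DES with independent subkeys has a 168-bit key; meet-in-the-middle
        # lowers the work to roughly 2**112 trials at a large memory cost.
        "board_3des_mitm_years": search_seconds(112, board) / YEAR,
    }

if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name:26s} {value:,.2f}")
```

Under these assumed rates the 40-chip board needs about 104 days to sweep the full 56-bit space, while 64,000 such chips would need about 1.6 hours.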
Two kibitzers wrote:
"That DES can be broken so quickly should send a chill through the heart of anyone relying on it for secure communications,"
I'm shitting bricks. No mention was made that only 25% of the keyspace was tested.
Then Paul Bradley <paul@fatmans.demon.co.uk> the sage moderator of Cryptography.Uk stepped in:
Not only that, but single DES with a 56 bit key is just not being used anymore in any company which has the slightest clue. If they can run a distributed crack on 3DES with independent subkeys then I`ll give them some attention.
You've convinced me, the UK _is_ on a different planet!

Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
Vin McLellan <vin@shore.net> writes:
Then Paul Bradley <paul@fatmans.demon.co.uk> the sage moderator of Cryptography.Uk stepped in:
Not only that, but single DES with a 56 bit key is just not being used anymore in any company which has the slightest clue. If they can run a distributed crack on 3DES with independent subkeys then I`ll give them some attention.
You've convinced me, the UK _is_ on a different planet!
Nah, it's just Paul :-) Perhaps he should rephrase that to no one with a clue _should_ be using single DES. Clearly lots are in practice, in spite of their better judgement for political reasons. The US government influence via their export controls being a major factor pushing the practice of using too short key lengths. What's cryptography.uk?

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
participants (7)
- Adam Back
- ARTURO GRAPA YSUNZA
- Bill Stewart
- Dave Emery
- Kent Crispin
- Paul Bradley
- Vin McLellan