Re: [DES] Anguilla surpasses US military in code breaking challe
From: Vincent Cate <vince@offshore.com.ai> To: cypherpunks@toad.com Subject: Anguilla surpasses US military in code breaking challenge.
Vince writes:
Press Release Anguilla, June 16, 1997
Anguilla surpasses US military in code breaking challenge.
The Caribbean country of Anguilla has searched through more than 2,380,000,000,000 code keys as part of the Deschall effort to break a DES encrypted message. This is in response to a challenge by RSA Inc to show that DES 56 bit keys are not large enough given the rapid advances in computing technology. As of June 16th, the entire US military effort, represented by Internet machine names ending in ".mil" in the Deschall statistics pages, has searched fewer keys. Anguilla host names end in ".com.ai". Anguilla is a free and democratic country, that does not limit key lengths.
NOT a press release, but true. Framingham,MA , June 16, 1997 Process Software surpasses Anguilla in code breaking challenge. The small software firm of Process Software has searched through more than 25,600,000,000,000 code keys as part of an independent effort to break a DES encrypted message. This is in response to a challenge by RSA Inc to show that DES 56 bit keys are not large enough given the rapid advances in computing technology. As of June 16th, the entire US military effort, represented by Internet machine names ending in ".mil" in the Deschall statistics pages, has searched fewer keys. Anguilla host names end in ".com.ai". This represents 5965 2^32 key segments, or 0.035% of the total keyspace. We've got a long way to go. It's worth noting that the DESChall people claim to have now searched over 23% of the keyspace, and at the current rate will have searched the whole thing about 3 months from now. They have not released their source code for independent evaluation. I for one would feel a lot more comfortable with DESChall if there was at least some outside review, even if no general release is made. Peter Trei trei@process.com
Peter Trei wrote:
Vince writes:
Press Release Anguilla surpasses US military in code breaking challenge.
The Caribbean country of Anguilla has searched through more than 2,380,000,000,000 code keys as part of the Deschall effort to break a DES encrypted message.
They have not released their source code for independent evaluation. I for one would feel a lot more comfortable with DESChall if there was at least some outside review, even if no general release is made.
Peter, I emailed the DESChall folks about the same time I was accusing them and you and the Swedish (?) guy of conspiring to save the good keys to yourself and demanded their source code, which they sent to me. I read code with the same expertise that Richard Nixon does standup comedy, but I have a girlfriend who dreams in algorithms and she was mightily impressed with the code itself. Unfortunately, they had a problem with hackers fucking with their code and doing interceptions on the data being transmitted back to their site. Since the DESChall folks were so kind as to share their source code (they have modified it, since then) with a self-professed lunatic, I have no doubt that they would not object to a real player in the crypto game (such as yourself) taking a gander at their source code. They may even need some kindhearted soul to help them transport it to a specific platform. If you contact them and they tell you to fuck off, then give me a holler and I'll see if Bianca still has the source from their previous version of the DESChall software. (I think that the changes in procedure they made applied only to the handling of the server/client communications so that Dimitri couldn't add ASCII art to the keycheck results.) Toto http://www3.sk.sympatico.ca/carljohn/
They have not released their source code for independent evaluation. I for one would feel a lot more comfortable with DESChall if there was at least some outside review, even if no general release is made.
I do not keep up with the various DES challenge efforts: Did DESChall ever give a reason for not releasing source code? Has anyone tried reverse engineering the executable? Does anyone have statistics on how quick deschall is as opposed to, for example, Bryddes? If they haven`t released source code and it is significantly faster it may be they have further key schedule optimisations they do not wish to share. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
The DESCHALL source is available under NDA. The timings of the various DESCHALL clients are on their homepage at http://www.frii.com/~rcv/deschall.htm -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred On Mon, 16 Jun 1997, Paul Bradley wrote:
They have not released their source code for independent evaluation. I for one would feel a lot more comfortable with DESChall if there was at least some outside review, even if no general release is made.
I do not keep up with the various DES challenge efforts: Did DESChall ever give a reason for not releasing source code? Has anyone tried reverse engineering the executable?
Does anyone have statistics on how quick deschall is as opposed to, for example, Bryddes? If they haven`t released source code and it is significantly faster it may be they have further key schedule optimisations they do not wish to share.
participants (4)
-
Lucky Green -
Paul Bradley -
Peter Trei -
Toto