Copyright (C) 1995 Tim Philp
Brantford, Ontario
Canada

Article appeared in The Expositor, Brantford, Ont., Canada
Sept 9th, 1995

- THE CODEBREAKERS -
by Tim Philp

A couple of weeks ago an extraordinary event took place that has implications for all users of the Internet. A group on the Internet, who call themselves CYPHERpunks, ran a test of a code system that was considered uncrackable in any reasonable amount of time. This in itself was not the extraordinary event. This code was broken by the cypherpunks in only 31.5 HOURS! That's right, hours. This code, called SSL, used a 40-bit encipherment key with 1,099,511,627,776 possible combinations.

To give you an example of just how incredible this feat was, let's examine the security of this code. If you were to try 1 key per second it would take you just over 34,841 years to try them all. That is almost five times longer than all of recorded history.

How was this done and what does this mean to users of the Internet? The how part is simple to explain; the meaning will be more difficult to divine.

The security of a code must rely only upon the key used to encipher the plaintext. It is assumed that the method of encryption is well known, as indeed it would be if it were used in a commercial product. Someone would disassemble the code and figure out the method. It is for this reason that security cannot reside in a secret means of encipherment. SSL is one such code.

This group, the Cypherpunks, wrote a program that would try keys in sequence and then they distributed it to the Internet community. They then set up a central computer that people all over the world could call into and get assigned a group of keys to try. These people would then feed these keys into the code cracking program and report the results to the central computer. With hundreds of users taking part, using computers that were sitting idle at night running screen savers, they cracked the code in 31.5 hours.

One of the greatest arguments against people trying this kind of brute force attack on codes is that the computer time and power required would cost the earth. In actual fact, this successful attack cost nothing at all, as the computers used were sitting idle. Everything from little 286 PCs to mini-computer workstations was pressed into service, labouring long over the weekend, tirelessly trying one possible key after another until they cracked the code.

Because this was an academic exercise, there was no harm done. The purpose was to prove how quickly a 40-bit code could be cracked. I confess to being astounded at just how fast this was accomplished.

This points out two remarkable possibilities for the new communications technology that we are only now beginning to use. If that code were protecting sensitive information, such as a bank funds transfer, this group could be very rich. It does also point out a new way of using the Internet to solve problems that have long eluded solution because of the sheer computational size of the problem. If the problem were to be divided up into small chunks and given to hundreds of computers worldwide, solution may become possible. We are just beginning to understand the possibilities.

This file may not be reproduced by any means without the permission of the author

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================
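
The key-distribution scheme the article describes, as an added example that is not part of the original article: a coordinator hands out key ranges, participants test them against known plaintext, and a second function shows how the same effort scales with key length. The 16-bit keyspace, chunk size, toy XOR cipher, sample plaintext and secret key are constructed assumptions; `years_at_article_rate` assumes the whole 40-bit space was covered in the 31.5 hours.

```python
import hashlib
from collections import deque

KEY_BITS = 16   # assumption: reduced from the article's 40 bits so the demo is instant
CHUNK = 4096    # assumption: keys handed out per request
KNOWN = b"GET / HTTP/1.0\r\n"   # constructed known plaintext

def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """Toy cipher (not SSL's): XOR with a SHA-256 keystream derived from the key."""
    stream = hashlib.sha256(key.to_bytes(5, "big")).digest()
    return bytes(p ^ s for p, s in zip(plaintext, stream))

class Coordinator:
    """The 'central computer': assigns key ranges and collects reports."""
    def __init__(self, key_bits: int, chunk: int):
        top = 1 << key_bits
        self.pending = deque((s, min(s + chunk, top)) for s in range(0, top, chunk))
        self.found, self.chunks_done = None, 0

    def assign(self):
        # Stop handing out work once any participant has reported the key.
        return self.pending.popleft() if self.pending and self.found is None else None

    def report(self, hit):
        self.chunks_done += 1
        if hit is not None:
            self.found = hit

def worker(key_range, ciphertext):
    """A participant: try every key in the assigned range."""
    for key in range(*key_range):
        if toy_encrypt(key, KNOWN) == ciphertext:
            return key
    return None

def run_search(secret_key: int):
    ciphertext = toy_encrypt(secret_key, KNOWN)
    coord = Coordinator(KEY_BITS, CHUNK)
    while (key_range := coord.assign()) is not None:
        coord.report(worker(key_range, ciphertext))
    return coord.found, coord.chunks_done

def years_at_article_rate(bits: int) -> float:
    """Time to cover a `bits`-bit keyspace at the rate implied by 2**40 keys in 31.5 h."""
    rate = 2**40 / (31.5 * 3600)            # about 9.7 million keys per second
    return 2**bits / rate / (365.25 * 86400)

if __name__ == "__main__":
    print(run_search(0xBEEF))               # constructed secret key
    for bits in (40, 56, 128):
        print(bits, f"{years_at_article_rate(bits):.3g} years")
```

Each added key bit doubles the work, so at the same aggregate rate a 56-bit key takes 65,536 times as long as the 40-bit one.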