RSA Announces New "DES Challenge" Tens of thousands of dollars in cash prizes offered; contest should improve overall Internet security by illustrating relative strength of different crypto algorithms and keysizes. Business Editors and Computer Writers REDWOOD CITY, Calif.-Jan 2, 1997--RSA Data Security, Inc., a wholly owned subsidiary of Security Dynamics Technology, Inc. (NASDAQ: SDTI), today announced an Internet-based contest with cash prizes. The contest, known as the "RSA DES Challenge", challenges mathematicians, hackers and computer experts around the world to decipher encrypted messages. The goal of the contest is to quantify the security offered by the government endorsed DES encryption standard and other secret-key ciphers at various key sizes. The challenge proper will be launched during the RSA Data Security Conference to be held in San Francisco, January 28-31, with the target ciphertexts for the different contests being simultaneously posted on the company web-site, at http://www.rsa.com/ RSA Data Security pioneered the Internet-based "cracking" contest, when it launched the original "RSA Factoring Challenge" back in 1991. Since then, the company has paid out over $100,000 in prize money to mathematicians and hackers around the world, and the data gained from that Challenge (which is ongoing) has greatly increased mathematicians' understanding of the strength of encryption techniques based on the "factoring problem", such as the RSA Public Key Cryptosystem T. Background It's widely agreed that 56-bit keys, such as those offered by the government's DES standard, offer marginal protection against the committed adversary. By inertia as much as anything else, DES is still used for many applications, and the 20-year-old algorithm is proposed to be exportable under the latest incarnation of Clipper. It is the perfect time to demonstrate to the world that better systems are both required - and available - thus improving the world's security. There have been theoretical studies done showing that a specialized computer "DES cracker" could be built for a modest sum, which could crack keys in mere hours by exhaustive search. However, no one is known to have built such a machine in the private sector - and nobody knows if one has been built in any government, either. The successes of the RSA Factoring Challenge show that for some types of problems, it's possible to recruit spare "cycles" on a large number of machines distributed around the Internet. Therefore, by offering a suitable incentive, it should be possible to recruit sufficient CPU power across the Internet to exhaustively search the DES keyspace in a matter of weeks. Computer scientists have already developed software that will allow even the novice computer user to participate in the cracking effort. By incorporating the key search software in a "screen saver", a simple PC anywhere on the Internet can devote its spare time to working on the problem - remotely and completely unattended. Even people with limited computer skills will be able to participate. In the RSA DES Challenge, the motto will definitely be "The More, The Merrier". The Contest Full details of the RSA DES Challenge will be posted on the RSA home page (http://www.rsa.com/) during the first weeks of January. Complete rules for the competition will be provided as well as example challenges and solutions against which computer scientists and hackers can test their software. In conjunction with the RSA DES Challenge, RSA will simultaneously launch a series of other contests based around the RC5 Symmetric Block Cipher (another encryption algorithm). Since RC5 is a variable key length block cipher, targets that offer increasing resistance against so-called "exhaustive search attacks" will be posted in the hope of assessing the full impact of a widely-distributed exhaustive search. There will be 12 challenges based on the use of RC5. Prizes will be awarded for the recovery of each of 12 keys which are chosen to be of lengths varying from 40 bits all the way up to 128 bits, with the length increasing in steps of eight bits. The email sender of the first correctly formatted submissions to each contest will receive a cash prize. For the RSA DES Challenge the first sender of the secret DES key will receive $10,000. For the other contests the prize money awarded will vary with the difficulty of the RC5 key attacked. For more information about the ongoing RSA Factoring Challenge send email to challenge-administrator@rsa.com and for the latest news and developments send email to challenge-news@rsa.com. About RSA Data Security, Inc. RSA Data Security, Inc., a wholly owned subsidiary of Security Dynamics Technologies, Inc., is the world's brand name for cryptography, with more than 75 million copies of RSA encryption and authentication technologies installed and in use worldwide. RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, IT4, ISO, ANSI, IEEE, and business, financial and electronic commerce networks around the globe. The company develops and markets platform-independent developer's kits and end-user products, and provides comprehensive cryptographic consulting services. For more information on any of RSA's encryption technologies, please call RSA directly at 415/595-8782 or send electronic mail to sales@rsa.com. RSA also provides information on its Web site at http://www.rsa.com. **************************************************************** Kurt R. Stammberger Director, Technology Marketing RSA Data Security, Inc. (A Security Dynamics Company) 415-595-8782 vox 415-595-1873 fax kurt@rsa.com www.rsa.com