DES challenge news (fwd)

Ulf Möller 3umoelle at informatik.uni-hamburg.de
Wed May 14 16:33:56 PDT 1997


Distributed key cracking efforts have been discussed in detail on
cypherpunks and coderpunks for quite some time.  A Swedish group
trying to solve RSADSI's DES challenge chose to ignore the results.
Here is what they got (from RISKS 19.14):

>Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
>From: Thomas Koenig <ig25 at mvmap66.ciw.uni-karlsruhe.de>
>Subject: DES challenge news

You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key.  The reason
given was client integrity.

Well, a month after this, the promised source code release has not happened.
Instead, it appears that somebody disassembled part of the client, made a
version that reported fake "done" blocks, and then sent these to the
servers.

Moral?  Don't ever think that nobody can read compiled code.  Don't try to
run a cooperative effort like this in a closed development model.

Thomas Koenig, Thomas.Koenig at ciw.uni-karlsruhe.de, ig25 at dkauni2.bitnet.

------------------------------









More information about the cypherpunks-legacy mailing list