Fun_People Archive
17 Jul
DES really is bogus - A proof


Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Fri, 17 Jul 98 12:48:55 -0700
To: Fun_People
Precedence: bulk
Subject: DES really is bogus - A proof

X-Lib-of-Cong-ISSN: 1098-7649
Forwarded-by: "Dan 'Dante' Tenenbaum" <dante@halcyon.com>
Forwarded-by: Julian Jiggins
Forwarded-by: David D'Souza
From: John Gilmore <gnu@toad.com>

Subject: "EFF DES Cracker" machine brings honesty to crypto debate

CONTACTS:

Alexander Fowler, +1 202 462 5826, afowler@eff.org
Barry Steinhardt, +1 415 436 9333 ext. 102, barrys@eff.org
John Gilmore, +1 415 221 6524, gnu@toad.com

"EFF DES CRACKER" MACHINE BRINGS HONESTY TO CRYPTO DEBATE

ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE

SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today raised
the level of honesty in crypto politics by revealing that the Data
Encryption Standard (DES) is insecure. The U.S. government has long pressed
industry to limit encryption to DES (and even weaker forms), without
revealing how easy it is to crack. Continued adherence to this policy would
put critical infrastructures at risk; society should choose a different
course.

To prove the insecurity of DES, EFF built the first unclassified hardware
for cracking messages encoded with it. On Wednesday of this week the EFF
DES Cracker, which was built for less than $250,000, easily won RSA
Laboratories' "DES Challenge II" contest and a $10,000 cash prize. It took
the machine less than 3 days to complete the challenge, shattering the
previous record of 39 days set by a massive network of tens of thousands of
computers. The research results are fully documented in a book published
this week by EFF and O'Reilly and Associates, entitled "Cracking DES:
Secrets of Encryption Research, Wiretap Politics, and Chip Design."

"Producing a workable policy for encryption has proven a very hard political
challenge. We believe that it will only be possible to craft good policies
if all the players are honest with one another and the public," said John
Gilmore, EFF co-founder and project leader. "When the government won't
reveal relevant facts, the private sector must independently conduct the
research and publish the results so that we can all see the social
trade-offs involved in policy choices."

The nonprofit foundation designed and built the EFF DES Cracker to counter
the claim made by U.S. government officials that governments cannot decrypt
information when protected by DES, or that it would take multimillion-dollar
networks of computers months to decrypt one message. "The government has
used that claim to justify policies of weak encryption and 'key recovery,'
which erode privacy and security in the digital age," said EFF Executive
Director Barry Steinhardt. "It is now time for an honest and fully informed
debate, which we believe will lead to a reversal of these policies."

"EFF has proved what has been argued by scientists for twenty years, that
DES can be cracked quickly and inexpensively," said Gilmore. "Now that the
public knows, it will not be fooled into buying products that promise real
privacy but only deliver DES. This will prevent manufacturers from buckling
under government pressure to 'dumb down' their products, since such products
will no longer sell." Steinhardt added, "If a small nonprofit can crack DES,
your competitors can too. Five years from now some teenager may well build
a DES Cracker as her high school science fair project."

The Data Encryption Standard, adopted as a federal standard in 1977 to
protect unclassified communications and data, was designed by IBM and
modified by the National Security Agency. It uses 56-bit keys, meaning a
user must employ precisely the right combination of 56 1s and 0s to decode
information correctly. DES accounted for more than $125 million annually in
software and hardware sales, according to a 1993 article in "Federal
Computer Week." Trusted Information Systems reported last December that DES
can be found in 281 foreign and 466 domestic encryption products, which
accounts for between a third and half of the market.

A DES cracker is a machine that can read information encrypted with DES by
finding the key that was used to encrypt that data. DES crackers have been
researched by scientists and speculated about in the popular literature on
cryptography since the 1970s. The design of the EFF DES Cracker consists of
an ordinary personal computer connected to a large array of custom chips.
It took EFF less than one year to build and cost less than $250,000.

This week marks the first public test of the EFF DES Cracker, which won the
latest DES-cracking speed competition sponsored by RSA Laboratories
(http://www.rsa.com/rsalabs/). Two previous RSA challenges proved that
massive collections of computers coordinated over the Internet could
successfully crack DES. Beginning Monday morning, the EFF DES Cracker began
searching for the correct answer to this latest challenge, the RSA DES
Challenge II-2. In less than 3 days of searching, the EFF DES Cracker found
the correct key. "We searched more than 88 billion keys every second, for
56 hours, before we found the right 56-bit key to decrypt the answer to the
RSA challenge, which was 'It's time for those 128-, 192-, and 256-bit
keys,'" said Gilmore.

Many of the world's top cryptographers agree that the EFF DES Cracker
represents a fundamental breakthrough in how we evaluate computer security
and the public policies that control its use. "With the advent of the EFF
DES Cracker machine, the game changes forever," said Whitfield Diffie,
Distinguished Engineer at Sun Microsystems and famed co-inventor of public
key cryptography. "Vast Internet collaborations cannot be concealed and so
they cannot be used to attack real, secret messages. The EFF DES Cracker
shows that it is easy to build search engines that can."

"The news is not that a DES cracker can be built; we've known that for
years," said Bruce Schneier, the President of Counterpane Systems. "The news
is that it can be built cheaply using off-the-shelf technology and minimal
engineering, even though the Department of Justice and the FBI have been
denying that this was possible." Matt Blaze, a cryptographer at AT&T Labs,
agreed: "Today's announcement is significant because it unambiguously
demonstrates that DES is vulnerable, even to attackers with relatively
modest resources. The existence of the EFF DES Cracker proves that the
threat of 'brute force' DES key search is a reality. Although the
cryptographic community has understood for years that DES keys are much too
small, DES-based systems are still being designed and used today. Today's
announcement should dissuade anyone from using DES."

EFF and O'Reilly and Associates have published a book about the EFF DES
Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap Politics,
and Chip Design." The book contains the complete design details for the EFF
DES Cracker chips, boards, and software. This provides other researchers
with the necessary data to fully reproduce, validate, and/or improve on
EFF's research, an important step in the scientific method. The book is only
available on paper because U.S. export controls on encryption potentially
make it a crime to publish such information on the Internet. EFF has
prepared a background document on the EFF DES Cracker, which includes the
foreword by Whitfield Diffie to "Cracking DES." See
http://www.eff.org/descracker/. The book can be ordered for worldwide
delivery from O'Reilly & Associates at http://www.ora.com/catalog/crackdes,
+1 800 998 9938, or +1 707 829 0515.

**********

The Electronic Frontier Foundation is one of the leading civil liberties
organizations devoted to ensuring that the Internet remains the world's
first truly global vehicle for free speech, and that the privacy and
security of all on-line communication is preserved. Founded in 1990 as a
nonprofit, public interest organization, EFF is based in San Francisco,
California. EFF maintains an extensive archive of information on encryption
policy, privacy, and free speech at http://www.eff.org.

Alexander Fowler
Director of Public Affairs
Electronic Frontier Foundation
E-mail: afowler@eff.org
Tel/Fax: 202 462 5826 (East Coast)
Tel: 415 436 9333; Fax 415 436 9993 (West Coast)
You can find EFF on the Web at <http://www.eff.org>
EFF supports the Global Internet Liberty Campaign
<http://www.gilc.org>


© 1998 Peter Langston