DRAFT: Press Release

C Matthew Curtin (cmcurtin@research.megasoft.com)
Mon, 31 Mar 1997 23:21:25 -0500 (EST)


Comments, please... I want to release this on Wednesday of this
week. If it requires more time to fix up, then I'd like to have it
out as soon after that as possible.

DESCHALL Group Searches for DES Key

[DRAFT] (will say ``for immediate release'' here one day) [DRAFT]

In answer to RSA Data Security, Inc.'s ``crypto challenge,'' a group
of students, hobbyists, and professionals of all varieties is looking
for a needle in a proverbial haystack. The ``needle'' is the
cryptographic key used to encrypt a given message, and the
``haystack'' is the huge pile of possible keys:
72,057,594,037,927,936 of them.

The point? To prove that computing technology is sufficiently
advanced that such a search is feasible using only the spare cycles of
general purpose computing equipment, and as a result, unless much
larger ``keys'' are used, the security provided by cryptosystems is
minimal. Conceptually, a cryptographic key bears many similarities to
the key of a typical lock. A long key has more possible combinations
of grooves than a short key. With a very short key, it might even be
feasible to try every possible combination of grooves in order to find
a key that matches a given lock. In a cryptographic system, keys are
measured in length of bits, rather than grooves, but the principle is
the same: unless a long enough key is used, computers can be used to
figure out every possible combination until the correct one is found.

In an electronic world, cryptography is how both individuals and
organizations keep things that need to be private from being public
knowledge. Whether it's a private conversation or an electronic funds
transfer between two financial institutions, cryptography is what
keeps the details of the data exchange private. It has often been
openly suggested that the US Government's DES (Data Encryption
Standard) algorithm's 56-bit key size is insufficient for protecting
information from either a funded attack, or a large-scale coordinated
attack, where large numbers of computers are used to figure out the
text of the message by brute force: that is, trying every possible
combination.

Success with this project will prove such postulations correct.

The effort is being coordinated through a web site at
http://www.frii.com/~rcv/deschall.htm. Many more
participants are sought in order to speed up the search. The client
software is available through the web site. One simply needs to
follow the download instructions to obtain a copy of the software.
Once this has been done, the client simply needs to be started, and
allowed to run in the background. During otherwise wasted cycles, the
computer will work its way through the DES keyspace, until some
computer cooperating in the effort finds the answer.

Contacts:
Project Coordinator
Rocke Verser <rcv@dopey.verser.frii.com>

Web Site
http://www.frii.com/~rcv/deschall.htm

Mailing List
deschall@gatekeeper.megasoft.com

To subscribe, send the text ``subscribe deschall'' (without the
quotes) to <majordomo@gatekeeper.megasoft.com>, and you'll be
emailed instructions.

-- 
Matt Curtin  Chief Scientist  Megasoft, Inc.  cmcurtin@research.megasoft.com
http://www.research.megasoft.com/people/cmcurtin/    I speak only for myself
Death to small keys.  Crack DES NOW!   http://www.frii.com/~rcv/deschall.htm