Final (?) Draft of Press Release

C Matthew Curtin (
Wed, 2 Apr 1997 01:28:15 -0500 (EST)

I think I was able to address most concerns with the original, but not
all. I think it does a reasonable job of getting the point across
without boring folks with more background than others, or totally
losing those with less relevant background. (Or getting too wordy to
lose the news-types we're looking for!)

If there are no major changes requested, I'll post it again in HTML
sometime tomorrow. Hopefully Rocke will be able to put it on the web
site soon; I'll forward the thing around to some trade rags and


---------------------- begin announcement-thing ----------------------

DESCHALL Group Searches for DES Key

[Final DRAFT] (will say "for immediate release" here one day) [Final DRAFT]

In answer to RSA Data Security, Inc.'s "crypto challenge," a group
of students, hobbyists, and professionals of all varieties is looking
for a needle in a proverbial haystack. The "needle" is the
cryptographic key used to encrypt a given message, and the
"haystack" is the huge pile of possible keys: 72,057,594,037,927,936
(that's over 72 quadrillion) of them.

The point? To prove that computing technology is sufficiently
advanced that such a search is feasible using only the spare cycles of
general purpose computing equipment, and as a result, unless much
larger "keys" are used, the security provided by cryptosystems is
minimal. Conceptually, a cryptographic key bears many similarities to
the key of a typical lock. A long key has more possible combinations
of grooves than a short key. With a very short key, it might even be
feasible to try every possible combination of grooves in order to find
a key that matches a given lock. In a cryptographic system, keys are
measured in length of bits, rather than grooves, but the principle is
the same: unless a long enough key is used, computers can be used to
figure out every possible combination until the correct one is found.

In an electronic world, cryptography is how both individuals and
organizations keep things that need to be private from being public
knowledge. Whether it's a private conversation or an electronic funds
transfer between two financial institutions, cryptography is what
keeps the details of the data exchange private. It has often been
openly suggested that the US Government's DES (Data Encryption
Standard) algorithm's 56-bit key size is insufficient for protecting
information from either a funded attack, or a large-scale coordinated
attack, where large numbers of computers are used to figure out the
text of the message by brute force in their idle time: that is, trying
every possible combination.

Success with this project will prove such postulations correct, and
win the first person to report the correct solution to RSA

Many more participants are sought in order to speed up the search.
The free client software is available through the web site. One
simply needs to follow the download instructions to obtain a copy of
the software. Once this has been done, the client simply needs to be
started, and allowed to run in the background. During unused cycles,
the computer will work its way through the DES keyspace, until some
computer cooperating in the effort finds the answer.

If you can participate yourself, we urge you to do so. If not, please
make those you know aware of our effort, so that they might be able to
participate. Every little bit helps, and we need all the clients we
can get to help us quickly provide an answer to RSA's challenge.


Project Coordinator
Rocke Verser

Web Site rcv/deschall.htm

Mailing List

RSA Data Security Crypto Challenge '97 Site

To subscribe, send the text "subscribe deschall" (without the
quotes) to, and you'll be
emailed instructions.

---------------------- end announcement-thingie ----------------------

Matt Curtin  Chief Scientist  Megasoft, Inc.    I speak only for myself
Death to small keys.  Crack DES NOW!