Re: DES Security

C Matthew Curtin (
Wed, 16 Apr 1997 09:50:34 -0400 (EDT)

>>>>> "Icepick" == Icepick <> writes, quoting AC2e:

Icepick> The rumor is that the
Icepick> NSA can crack DES in 3 to 15 minutes, depending on how much
Icepick> preprocessing they can do. And these machines cost only
Icepick> $50,000 each, in quanity.

I think this is generally the basis of my interest in cracking a DES
key this way. Up until now, any sorts of brute-force searches of the
keyspace requires "specialized" hardware, the stuff that makes the
average New York Times reader's eyes glaze over. Most people don't
have the foggiest idea what FPGA or ASIC technology is, or that the
"specialized" hardware needed to crack DES keys uses it.

The whole thing is very removed from them, and they feel safe.

Now, if we can prove -- by expirment; not calculations -- that a bunch
of personal computers, just like what they have at home and at work,
can be made to work together and accomplish the same objective, the
significance of what we're doing suddenly comes closer to home. The
fact of the matter is that, if we're successful, we will have proven
that a bunch of people cooperating to use their computers' idle time
is enough to break much of the encrypted traffic flying around in the
financial community today.

Now, they become afraid. And rightfully so. It's clear that unless
the consumers demand higher security[1] -- and have some clue as to
what that is -- it just isn't going to happen.

1 - Alternatively, the security organizations within the financial
industry could understand our efforts as a serious warning, and
will starting using longer keys in order to protect themselves
from further losses due to fraud, etc., that is certain to start
happening as the power to break their crypto comes increasingly
close to individual "3l33+ h4cq0rz".

Matt Curtin  Chief Scientist  Megasoft, Inc.    I speak only for myself
Death to small keys.  Crack DES NOW!