Home About RSA Careers at RSA Contact RSA Developers’ Corner Directions to RSA Events FREE Software & Publications FTP Site Partner Products Price List Pressbox RSA Art Gallery RSA Japan RSA Labs RSA Products Search Security Dynamics Standards [INLINE] [INLINE] [INLINE] [INLINE] DES RSA Data Security RSA Challenge Cracked [INLINE] _____________________________________________________________________________________ [INLINE] [INLINE] Government encryption standard DES takes a fall Rocke Verser Takes $10,000 RSA Challenge by cracking DES Tuesday, June 17 marked a milestone event in cryptography - the day the RSA DES Challenge was solved. Shortly before midnight on Tuesday, an RSA Data Security, Inc. automated server confirmed that Rocke Verser of Loveland, Colorado, had submitted the winning DES key. Verser garnered the $10,000 prize that teams worldwide had been vying for since January. With his win, Rocke well earned his $10,000 prize money and the fame that’s sure to follow. But for DES, the venerable, trusted, and widely used Government cipher, this may be the final blow that indicates it’s time has passed. DES is the Data Encryption Standard, an encryption block cipher defined and endorsed by the U.S. government in 1977 as an official standard. The encryption “workhorse” of the banking and financial communities for over twenty years, DES has been renewed every five years by the National Institute of Standards and Technology (NIST) and is presently up for review. DES has been extensively studied since its publication and is the most well-known and widely used secret-key cipher in the world. The RSA Secret-Key Challenge The RSA Secret-Key Challenge, announced at the RSA Data Security Conference in January, provided $1,000, $5,000 and $10,000 prizes for breaking various RC5(TM) keys at different sizes and gave a $10,000 prize to break DES, which uses a fixed-size, 56-bit encryption key. (RC5 is RSA’s variable key, parameterized symmetric-key cipher. So far, the 40-bit and 48-bit RC5 key challenges have also been solved. There are twelve RC5 challenges in all.) RSA launched the Secret-Key Challenge to investigate the power of distributed computing attacks over the Internet, and to show the relative strength of RC5 at various key sizes, and the strength of 56-bit DES. Breaking DES Responding to the Challenge, including a prize of $10,000, Rocke Verser, with the help of team leaders Matt Curtin and Justin Dolske decided to tackle DES. (To date, the most effective way to “crack” DES is through an attack known as “brute force.” In brute force attacks, a challenger keeps trying new possible DES keys until they find the specific key used to encipher the challenge phrase.) Rocke created a “cracking” program that would keep trying new keys till it solved the DES challenge phrase. He designed the program so that it could be distributed and downloaded over the Internet. The project, code-named DESCHALL, linked together hundreds, and eventually tens of thousands of volunteer computers. As each new computer volunteer signed on, the DESCHALL team created new portions of the DES key space for each of these machines to test. Wrong DES keys could be eliminated, and the correct key, somewhere, would be rooted out. The Power of The Internet The attack team included an amazing array of Internet volunteers and computing resources from industry, universities, and government. With a possible 72 quadrillion keys to test, this distributed attack would require an incredibly large amount of computing power. And compute the DESCHALL team did, at some points testing almost seven billion keys per second. And by writing different crackers for Unix, Windows, Macintosh, and OS/2 operating systems, the DESCHALL team could utilize the computing power of the largest workstations, as well as more modest personal home computers. Ironically, under current U.S. Dept. of Commerce export regulations, and underscoring a problem faced by the U.S. software industry, the DESCHALL team could not export the cracking program outside the U.S. and Canada. SolNet, a competitive effort based in Sweden was able to take advantage of this restriction. Even though they started much later than the DESCHALL team, by marketing their cracker worldwide, they had searched nearly 10 quadrillion keys when the DESCHALL team hit on the winning key. Lots of Help and a Little Luck In the end, the DESCHALL effort solved the DES challenge after only searching 24.6% of the key space. (about 18 quadrillion keys!) The winning key was determined by Michael Sanders, using a Pentium 90 MHz desktop PC with 16 megs of RAM. As promised, Rocke Verser plans to split his $10,000 winnings 60/40 with the actual winning computer, and as such, will give $4,000 of his prize to Mr. Sanders. Mr. Sanders knew he had the right key when his machine successfully decrypted the DES challenge phrase. “Strong cryptography makes the world a safer place.” RC5 is a trademark of RSA Data Security [INLINE] [INLINE] RSA Press Release Fact Sheet Frequently Asked Questions about RSA Secret-Key Challenge RSA Secret-Key Challenge Home DESCHALL Home Page DES In The News [INLINE] [INLINE] _____________________________________________________________________________________ [INLINE] [INLINE] [INLINE] RSA Press Release | Fact Sheet | Secret-Key Challenge FAQ RSA Secret-Key Challenge | DESCHALL Home Page DES In The News | RSA Home | DES Cracked Home _____________________________________________________________________________________ Send any website feedback or comments to: webmaster@rsa.com Copyright © 1997, RSA Data Security, Inc. All Rights Reserved.