[1137] in cryptography@c2.net mail archive
Re: Better DES challenge update
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Jul 1 16:17:11 1997
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net, mab@crypto.com
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Tue, 1 Jul 1997 19:26:24 (NZST)

>>Hmm, I'll donate 1024 bits to building a low-end DES-cracking machine,
>>contingent on a plausible plan. After a demonstration, the consortium
>>sets a deadline at which des-is-dead.penet.fi goes online with a free
>>forms-based service, first-come/first-served. Strong crypto vendors
>>should fall all over themselves for ad space.

>Frankly, I don't understand why someone hasn't done this already. According
>to the rough estimates we came up with for the 1995 "minimum key length"
>study (<ftp://research.att.com/dist/mab/keylength.txt>), based on Michael
>Wiener's ASIC-based and Eric Thompson's FPGA-based designs, this should
>be do-able within the budget of a small company or group of individuals.

It almost was done last year. A company (which shall remain anonymous) had
the funding set aside to build a DES breaker, it got to the point of "Do we go
with the ASIC guys (a DES key every 3 minutes) or the FPGA guys (every n days,
but retargetable for other algorithms)?". It was just a case of signing
agreements and handing over the money, and the manufacturers would have
started churning out the hardware (the design (and in the FPGA case the
firmware) was complete, the politics had been sorted out, etc). The project
was cancelled at the last minute due to issues unrelated to crypto or
politics.

Their motivation for doing it was that they were preparing an internationally
available e-commerce system which offered security which was significantly
better than the 40-bit or DES-based stuff which most people were (and still
are) using. By being able to say "We can break (virtually) anything everyone
else is using in 3 minutes" (or whatever, for the retargetable FPGA-based
system), they'd get the world's attention, and once they had it they'd use this
to market their own product (which used triple DES and other, similar-strength
algorithms).

This is an example of a DES-breaker being built not by a government or large
corporation or criminal organisation intent on attacking message traffic, but
by a smallish company who's only interested in the publicity - they fully
accepted that they'd probably end up throwing it away (or selling chunks of it
as souvenirs) after they'd demonstrated it to reporters, but decided that the
publicity they'd get from it was worth far more than the cost of building the
thing.

Peter.