[1993] in cryptography@c2.net mail archive
Re: DES Challenge II -- New RSA-sponsored Contest
daemon@ATHENA.MIT.EDU (Vin McLellan)
Sun Dec 21 19:36:28 1997
In-Reply-To: <9712190046.AA04740@mentat.com>
Date: Sun, 21 Dec 1997 01:00:22 -0500
To: jim@mentat.com (Jim Gillogly)
From: Vin McLellan <vin@shore.net>
Cc: cryptography@c2.net
Vin McLellan (quoting RSADSI) described a series of RSA-sponsored
six-month contests to reward faster (brute force) attacks on DES
ciphertext. The contests will reward successive improvements in
time-to-crack, with the initial six-month challenge cycle setting a goal of
90 days. He quoteth thusly:
>> "The 'previous winner's' time that will be used for the first contest is 90
>> days."
Jim Gillogly <jim@mentat.com> questioned the 90-day target --
seemingly arbitrary, given the available history of distributed attacks on
DES -- and noted that this time-frame was not cited on RSA's webpage on DES
Challenge II.)
>The previous winner in the DES contest was 140 days, according to the
>RSA "status" web page. This last sentence doesn't appear in the
>current RSA challenge page at
>http://www.rsa.com/rsalabs/des2/html/continued.html.
Hi Jim:
I lifted that text from the PRNewswire broadcast of the RSA
announcement. (The press release I saw is also on the RSA website -- on a
link off the DES II Challenge page -- at:
http://www.rsa.com/pressbox/html/971217.html)
I presume with 90 days they are just raising the bar a little.
You are, of course, factually correct. The original RSA-sponsored
DES Challenge was broken in 140 calendar days. But this is a different
contest... and it's not as if people are doing this for the money. (There
has got to be an almost infinite number of easier and more certain ways to
make money;-)
I'll send a note off to someone at RSA Labs and ask for the logic
behind the choice of the 90-day target and I'll pass the response on to
you. (I'll also suggest they include that little "90" detail to the
outline of the contest rules on their DES II page, if the press release was
accurate.)
I like the idea of the contest, so I hope to put some cycles
on-line for it. I don't think even the eventual crack of one of the
longer-key RC5 ciphers would equal the political impact of seeing the
time-to-break for DES ratchet downward.
In many industry circles, 140 days and X-thousand machines has been
treated as an unwholesome measure of the true security of DES. A
validation, no less!
Suerte,
_Vin
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin@shore.net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
