[1995] in cryptography@c2.net mail archive
Re: DES Challenge II -- New RSA-sponsored Contest
daemon@ATHENA.MIT.EDU (Vin McLellan)
Mon Dec 22 20:31:16 1997
Date: Mon, 22 Dec 1997 20:00:58 -0500
To: jim@mentat.com (Jim Gillogly)
From: Vin McLellan <vin@shore.net>
Cc: cryptography@c2.net
Just got a note from Burt Kaliski of RSA Labs <burt@rsa.com> in
which he explained that the choice of a 90-day target for the first 6-month
"DES Challenge II" contest was based on the observation that the number of
people and machines involved in the various efforts organized to brute
force a DES ciphertext had grown substantially over the course of the
original contest.
"If the same effort were repeated with the same participants
available the whole time, it would take much less than the 140 days it took
the DESCHALL community to achieve their success," Burt explained.
For the DES Challenge II -- which seeks to highlight the amount of
time involved in cracking DES cryptotext -- "RSA Labs starts the clock at
90 calendar days to account for some of the DESCHALL effort's
end-of-contest momentum," he said.
(Burt also said he would post an additional note on the DES
Challenge II webpage to clarify the rules. See:
<http://www.rsa.com/rsalabs/des2/html/continued.html>)
With several sets of battle-tested software now available for
managing such distributed projects, I suppose the lead for any
participating group could be in the hands of people who are talented at
recruiting, organizing, and motivating potential participatants, but in
RSA's first DES contest each team seemed to be polishing both their client
and server software right up to the end. (Some client modifications cut the
time required to search a given key space in half during the course of the
DES Challenge!)
Personally, I'd rather see the contest structured to allow one or
several (even "cheap") hits on DES early on. Being of low moral character,
I'd have enjoyed watching all those vendor and government spokesfolk who
now use the DESCHALL crack as a _positive_ measure of the "security" of DES
deal with a time-to-crack record that was being successively whittled down:
from 140 to 120 days, and from 120 to 100 days... from 80 to 60 days, etc.
Burt is made of sterner stuff, and apparently wants RSA's new
series of time-to-crack-DES contests to make a more substantive statement.
Actually, ninety days doesn't seem to be a bad estimate for what
DESCHALL might have achieved -- if the 13,000 clients they had at their
peak been working on the project from the beginning. (Even, as was usually
the case, counting just the cycles available between tasks or in off-hours.)
Peter Trei <ptrei@securitydynamics.com>, the guy who proposed the
original DES Challenge contest to Jim Bidzos, will be speaking on the
various Challenge efforts at the RSA Data Security Conference next month.
Peter told me he had calculated that if the coordinators of just
the three largest distributed efforts to tackle the original DES Challenge
-- Rocke Verser's DESCHALL team, SolNet's international crew based in
Sweden, and SGI's internal corporate effort -- could have worked together,
sharing the best of their software, at peak performance they would likely
have been cracking a DES key every _25_ days.
Suerte,
_Vin
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
