[256] in cryptography@c2.net mail archive


DES Key recovery project, Progress Report #7

daemon@ATHENA.MIT.EDU (Peter Trei)
Thu Feb 20 16:40:55 1997

From: "Peter Trei" <trei@process.com>
To: coderpunks@toad.com, cryptography@c2.net
Date: Thu, 20 Feb 1997 16:24:48 -6
Reply-to: trei@process.com
CC: trei@c2.net

Just a brief note....

1. I *think* this is #7 - I'm not sure if I used #6 or not.

2. The software:

There are at least two groups looking at using FPGA machines
to attack DES.


My DESKR program is improving fairly rapidly. It now gets
283,000 keys/sec on a 100 MHz Pentium, which well exceeds
my initial target of 223k. I should be sending it out to
requesters on Friday. Sven Mikkelsen's Bryddes now
claims 390k, about 37% faster. I'd really like to examine
his code, but he has not released it for independent 
verification. I know he has at least one trick I have not
implemented, which means that most of the time he does not
have to complete 14 rounds, but just part of the 13th and
14th.

It looks like DES key crackers run 5-7 times faster than
RC5 crackers on the same machine. The jump from RC5-48 to
DES-56 is therefore a factor of 30-50, not 256.


3. The European software based effort:

The same group which cracked 48 bit RC5 is now looking at
working on DES. They have not started their attack yet,
and seem to be over a week from doing so.

In talking to some of their members, I came across an aspect
of their effort which I had never considered.

It seems that the existence of the prize money is a problem
to many of them - they have either personal objections to
it ('we should be demonstrating that Internet users can
unite and rise above crass commercial concerns'), or they
are using university owned machines and are under restrictions
against using them for profit. The $5000 prize from the 
RC5-48 crack was given to Project Gutenberg (a worthy cause,
but I'd have preferred EPIC). Many of the people in that group
become quite incensed when it's suggested that the key-finder
decide what to do with the money.

In any case, they're still arguing on how to dispose of
a $10,000 check, and their client-server system will both
NOT tell the client owner that he/she has found the key, and
will keep the map of searched/unsearched keyspace a secret,
so that uncoordinated searchers will not be able to take
advantage of it.

I regard this as counterproductive, since my goal is to
break the challenge in the minimum time, but they seem to
have an added goal of demonstrating organization.


Peter Trei
trei@process.com
ptrei@acm.org
