[268] in cryptography@c2.net mail archive
Re: DES Key recovery project, Progress Report #7
daemon@ATHENA.MIT.EDU (Germano Caronni)
Fri Feb 21 12:45:12 1997
From: Germano Caronni <caronni@tik.ee.ethz.ch>
To: trei@process.com
Date: Fri, 21 Feb 1997 12:38:18 +0100 (MET)
Cc: coderpunks@toad.com, cryptography@c2.net, des-challenge@muffin.org
In-Reply-To: <199702202118.NAA22859@toad.com> from "Peter Trei" at Feb 20, 97 04:24:48 pm
Peter Trei wrote:
>
> It looks like DES key crackers run 5-7 times faster than
> RC5 crackers on the same machine. The jump from RC5-48 to
> DES-56 is therefore a factor of 30-50, not 256.
Which is a *very* good thing. As it puts all the DES efforts into a better
position in being successfull, and that in a timely manner. But consider the
fact that independant searches and coordinated groups have now been actively
trying to find the DES key. What kind of publicity will it be if somebody
comes in a month or two and says:
"After 2-3 months of searching, the whole internet was able to find one
single DES key."
Do you value this positively?
I would suggest putting together all independent and coordinated approaches,
give them a fixed start time (e.g. 1.3.97) so that later the claim can be
made: " [10-999]'000 machines on the internet found the DES key after 2
weeks of searching." Sounds much better to me. Well, the start was in
Jnuary, and nothing to be changed about that, isn't it? ;-)
> 3. The European software based effort:
> In any case, they're still arguing on how to dispose of
> a $10,000 check, and their client-server system will both
> NOT tell the client owner that he/she has found the key, and
> will keep the map of searched/unsearched keyspace a secret,
> so that uncoordinated searchers will not be able to take
> advantage of it.
Are you reporting facts, or just aspects of an ongoing discussion?
I believe the second is true.
> I regard this as counterproductive, since my goal is to
> break the challenge in the minimum time, but they seem to
> have an added goal of demonstrating organization.
Showing that 7500 machines all over the internet could be thightly clustered
for the rc5-48 attack was a nice side-effect of our key breaking.
I guesss the actual goal of our current efforts is not so clear
anymore... :-( Nevertheless, software is being done, and people are waiting
for clients and server to come up. I hope this happens soon.
Germano
