From owner-freebsd-chat Wed Jan 29 06:33:48 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA02654 for chat-outgoing; Wed, 29 Jan 1997 06:33:48 -0800 (PST)
Received: from po2.glue.umd.edu (root@po2.glue.umd.edu [129.2.128.45]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA02648 for ; Wed, 29 Jan 1997 06:33:46 -0800 (PST)
Received: from thurston.eng.umd.edu (thurston.eng.umd.edu [129.2.103.25]) by po2.glue.umd.edu (8.8.5/8.7.3) with ESMTP id JAA02022 for ; Wed, 29 Jan 1997 09:33:43 -0500 (EST)
Received: from localhost (chuckr@localhost) by thurston.eng.umd.edu (8.8.5/8.7.3) with SMTP id JAA00207 for ; Wed, 29 Jan 1997 09:33:42 -0500 (EST)
X-Authentication-Warning: thurston.eng.umd.edu: chuckr owned process doing -bs
Date: Wed, 29 Jan 1997 09:33:42 -0500 (EST)
From: Chuck Robey
X-Sender: chuckr@thurston.eng.umd.edu
To: FreeBSD-chat@FreeBSD.org
Subject: More on crypto
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-chat@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

I've had a legion of requests to post the whole article (I was unsure of interest on the list, so I was fishing for response). I thought I'd posted this last night after the first couple responses, but I haven't seen it on the list. Because of that, I'm going to post it again, including two new articles, the first of which gives the URL everyone's requested, and the second gives several URLs that would be interesting to folks who want to experiment with making DES crackers of their own.

You guys ought to note the mailing list addresses, because the c2 list I'm posting from is pretty low noise, about like FreeBSD-current.

Anyway, here's the articles:

>From iang@cs.berkeley.edu Wed Jan 29 00:10:59 1997
>Date: Tue, 28 Jan 1997 15:59:15 -0800 (PST)
>From: Ian Goldberg
>To: cryptography@c2.net
>Subject: Last nail for US crypto export policy?

EXPORTABLE CRYPTOGRAPHY TOTALLY INSECURE: CHALLENGE CIPHER BROKEN IMMEDIATELY

January 28, 1997 - Ian Goldberg, a UC Berkeley graduate student, announced today that he had successfully cracked RSA Data Security Inc.'s 40-bit challenge cipher in just under 3.5 hours.

RSA challenged scientists to break their encryption technology, offering a $1000 award for breaking the weakest version of the code. Their offering was designed to stimulate research and practical experience with the security of today's codes.

The number of bits in a cipher is an indication of the maximum level of security the cipher can provide. Each additional bit doubles the potential security level of the cipher. A recent panel of experts recommended using 90-bit ciphers, and 128-bit ciphers are commonly used throughout the world, but US government regulations restrict exportable US products to a mere 40 bits.

Goldberg's announcement, which came just three and a half hours after RSA started their contest, provides very strong evidence that 40-bit ciphers are totally unsuitable for practical security. "This is the final proof of what we've known for years: 40-bit encryption technology is obsolete," Goldberg said.

The US export restrictions have limited the deployment of technology that could greatly strengthen security on the Internet, often affecting both foreign and domestic users. "We know how to build strong encryption; the government just won't let us deploy it. We need strong encryption to uphold privacy, maintain security, and support commerce on the Internet -- these export restrictions on cryptography must be lifted," Goldberg explained.

Fittingly, when Goldberg finally unscrambled the challenge message, it read: "This is why you should use a longer key."

Goldberg used UC Berkeley's Network of Workstations (known as the NOW) to harness the computational resources of about 250 idle machines.
This allowed him to test 100 billion possible "keys" per hour -- analogous to safecracking by trying every possible combination at high speed. This amount of computing power is available with little overhead cost to students and employees at many large educational institutions and corporations.

Goldberg is a founding member of the ISAAC computer security research group at UC Berkeley. In the Fall of 1995, the ISAAC group made headlines by revealing a major security flaw in Netscape's web browser.

=======================================================================

>From sameer@c2.net Wed Jan 29 09:25:29 1997
>Date: Tue, 28 Jan 1997 22:40:41 -0800 (PST)
>From: sameer
>To: stewarts@ix.netcom.com
>Cc: iang@cs.berkeley.edu, cryptography@c2.net, cypherpunks@toad.com
>Subject: Re: Last nail for US crypto export policy?

http://now.cs.berkeley.edu/

> Yee-hah! Congratulations (and enjoy the $1000 check!)
> So what did you do interesting cryptographically in the crack,
> other than coordinating a bunch of workstations?
> Was it just brute force with well-tuned code?
> Given the figures in your press release, it sounds like you
> tested about 350 billion keys out of a trillion possible,
> so you hit the winner a shade early. That's about 400,000 keys/sec/box.
> Are the machines mostly Pentiums, Alphas, Suns, etc.?

--
Sameer Parekh           Voice: 510-986-8770
President               FAX: 510-986-8777
C2Net
http://www.c2.net/      sameer@c2.net

=====================================================================

>From das@razor.engr.sgi.com Wed Jan 29 09:25:38 1997
>Date: Sat, 25 Jan 1997 17:08:08 -0800
>From: Anil Das
>To: James Robertson
>Subject: Re: [DES] DES Key Recovery Project, Progress Report #7

On Jan 25, 10:49am, James Robertson wrote:
>
> Are there any efforts being made to develop a version of the
> software that can be used by us non-US residents?
>
> I would certainly like to participate in the Challenge.
> I'm sure there are many other interested people out there, in the
> big wide world ...

No such development outside the US has been publicized. However, it is easy enough to roll your own.

What you need:

1) Eric Young's libdes.
   ftp://ftp.psy.uq.oz.au/pub/Crypto/DES

2) Svend Olaf Mikkelsen's fast replacement for the core DES routine.
   http://inet.uni-c.dk/~svolaf/des.htm
   The latest libdes is supposed to have this faster routine incorporated already, so you may not need it.

3) Peter Trei's article on "Optimizing DES Key Recovery in Software".
   It is available at HKS's news server.
   news://nntp.hks.net/<199610171918.MAA23054@toad.com>
   For a first pass, you can just implement the Gray Code technique. That gives most of the speedup.

4) Some information on how to implement Gray Codes.
   "The Gray Code" by Robert W. Doran. Tech Report 131 from
   http://www.cs.auckland.ac.nz/~techrep/1996.html

Given these resources, it shouldn't take long for a good programmer to implement a DES key search program that is in the same ballpark of performance as Peter Trei's implementation.

--
Anil Das