search / subscribe / upload / contact












RSS-Feed Depeschen

<< ^ >>

Date: 1998-07-18

e-commerce: EFF crackt Standard/verschluesselung

-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

Serienmässig. Ganz offenbar ist 56/bit DES Verschlüsselung
so leicht crack/bar, dass es das nötige Software/Rüstzeug
schon bald in freier (public domain) Wild/bahn erhältlich
gibt.

Bester Satz: It took EFF less than
one year to build and cost less than $250,000.

Das sind Entwicklungskosten, die man sich gefallen lässt.

Sch/erzfrage an die p.t. Sch/urnalist/inn/en auf der Liste:
Sch/on mal geguckt, wer in .at oder .de 56/bit DES
encryption für - sagen wir - Geld/transaktionen nützt?

-.-.- --.- -.-.- --.- -.-.- --.-

July 17, 1998

"EFF DES CRACKER" MACHINE BRINGS HONESTY TO CRYPTO DEBATE

ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE

SAN FRANCISCO, CA -- The Electronic Frontier Foundation
(EFF) today raised the level of honesty in crypto politics
by revealing that the Data Encryption Standard (DES) is
insecure. The U.S. government has long pressed industry to
limit encryption to DES (and even weaker forms), without
revealing how easy it is to crack. Continued adherence to
this policy would put critical infrastructures at risk;
society should choose a different course.

To prove the insecurity of DES, EFF built the first
unclassified hardware for cracking messages encoded with
it. On Wednesday of this week the EFF DES Cracker, which
was built for less than $250,000, easily won RSA
Laboratory's "DES Challenge II" contest and a $10,000 cash
prize. It took the machine less than 3 days to complete the
challenge, shattering the previous record of 39 days set by
a massive network of tens of thousands of computers. The
research results are fully documented in a book published
this week by EFF and O'Reilly and Associates, entitled
"Cracking DES: Secrets of Encryption Research, Wiretap
Politics, and Chip Design."

"Producing a workable policy for encryption has proven a
very hard political challenge. We believe that it will only
be possible to craft good policies if all the players are
honest with one another and the public," said John Gilmore,
EFF co-founder and project leader. "When the government
won't reveal relevant facts, the private sector must
independently conduct the research and publish the results
so that we can all see the social trade-offs involved in
policy choices."

The nonprofit foundation designed and built the EFF DES
Cracker to counter the claim made by U.S. government
officials that governments cannot decrypt information when
protected by DES, or that it would take multimillion-dollar
networks of computers months to decrypt one message. "The
government has used that claim to justify policies of weak
encryption and 'key recovery,' which erode privacy and
security in the digital age," said EFF Executive Director
Barry Steinhardt. It is now time for an honest and fully
informed debate, which we believe will lead to a reversal of
these policies."

"EFF has proved what has been argued by scientists for
twenty years, that DES can be cracked quickly and
inexpensively," said Gilmore. "Now that the public knows, it
will not be fooled into buying products that promise real
privacy but only deliver DES. This will prevent
manufacturers from buckling under government pressure to
'dumb down' their products, since such products will no
longer sell." Steinhardt added, "If a small nonprofit can
crack DES, your competitors can too. Five years from now
some teenager may well build a DES Cracker as her high
school science fair project."

The Data Encryption Standard, adopted as a federal standard
in 1977 to protect unclassified communications and data, was
designed by IBM and modified by the National Security
Agency. It uses 56-bit keys, meaning a user must employ
precisely the right combination of 56 1s and 0s to decode
information correctly. DES accounted for more than $125
million annually in software and hardware sales, according
to a 1993 article in "Federal Computer Week." Trusted
Information Systems reported last December that DES can be
found in 281 foreign and 466 domestic encryption products,
which accounts for between a third and half of the market.

A DES cracker is a machine that can read information
encrypted with DES by finding the key that was used to
encrypt that data. DES crackers have been researched by
scientists and speculated about in the popular literature on
cryptography since the 1970s. The design of the EFF DES
Cracker consists of an ordinary personal computer connected
to a large array of custom chips. It took EFF less than one
year to build and cost less than $250,000.

This week marks the first public test of the EFF DES
Cracker, which won the latest DES-cracking speed competition
sponsored by RSA Laboratories
(http://www.rsa.com/rsalabs/). Two previous RSA challenges
proved that massive collections of computers coordinated
over the Internet could successfully crack DES. Beginning
Monday morning, the EFF DES Cracker began searching for the
correct answer to this latest challenge, the RSA DES
Challenge II-2. In less than 3 days of searching, the EFF
DES Cracker found the correct key. "We searched more than
88 billion keys every second, for 56 hours, before we found
the right 56-bit key to decrypt the answer to the RSA
challenge, which was 'It's time for those 128-, 192-, and
256-bit keys,'" said Gilmore.

Many of the world's top cryptographers agree that the EFF
DES Cracker represents a fundamental breakthrough in how we
evaluate computer security and the public policies that
control its use. "With the advent of the EFF DES Cracker
machine, the game changes forever," said Whitfield Diffie,
Distinguished Engineer at Sun Microsystems and famed
co-inventor of public key cryptography. "Vast Internet
collaborations cannot be concealed and so they cannot be
used to attack real, secret messages. The EFF DES Cracker
shows that it is easy to build search engines that can."

"The news is not that a DES cracker can be built; we've
known that for years," said Bruce Schneier, the President of
Counterpane Systems. "The news is that it can be built
cheaply using off-the-shelf technology and minimal
engineering, even though the department of Justice and the
FBI have been denying that this was possible." Matt Blaze, a
cryptographer at AT&T Labs, agreed: "Today's announcement is
significant because it unambiguously demonstrates that DES
is vulnerable, even to attackers with relatively modest
resources. The existence of the EFF DES Cracker proves that
the threat of "brute force" DES key search is a reality.
Although the cryptographic community has understood for
years that DES keys are much too small, DES-based systems
are still being designed and used today. Today's
announcement should dissuade anyone from using DES."

EFF and O'Reilly and Associates have published a book about
the EFF DES Cracker, "Cracking DES: Secrets of Encryption
Research, Wiretap Politics, and Chip Design." The book
contains the complete design details for the EFF DES Cracker
chips, boards, and software. This provides other
researchers with the necessary data to fully reproduce,
validate, and/or improve on EFF's research, an important
step in the scientific method. The book is only available
on paper because U.S. export controls on encryption
potentially make it a crime to publish such information on
the Internet.

EFF has prepared a background document on the EFF DES
Cracker, which includes the foreword by Whitfield Diffie to
"Cracking DES." See http://www.eff.org/DEScracker/. The
book can be ordered for worldwide delivery from O'Reilly &
Associates at http://www.ora.com/catalog/crackdes, +1 800
998 9938, or +1 707 829 0515.

**********

The Electronic Frontier Foundation is one of the leading
civil liberties organizations devoted to ensuring that the
Internet remains the world's first truly global vehicle for
free speech, and that the privacy and security of all
on-line communication is preserved. Founded in 1990 as a
nonprofit, public interest organization, EFF is based in San
Francisco, California. EFF maintains an extensive archive
of information on encryption policy, privacy, and free
speech at http://www.eff.org.

-.-.- --.- -.-.- --.- -.-.- --.-
TIP
Download free PGP 5.5.3i (Win95/NT & Mac)
http://keyserver.ad.or.at/pgp/download/

-.-.- --.- -.-.- --.- -.-.- --.-
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by
published on: 1998-07-18
comments to office@quintessenz.at
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<< ^ >>

BigBrotherAwards Eintritt zur Gala sichern ... 25. Oktober 2023 #BBA23


	CURRENTLY RUNNING
	q/Talk 1.Juli: The Danger of Software Users Don't Control Dr.h.c. Richard Stallman live in Wien, dem Begründer der GPL und des Free-Software-Movements

	!WATCH OUT!
	bits4free 14.Juli 2011: OpenStreetMap Erfinder Steve Coast live in Wien Wie OpenStreetMaps die Welt abbildet und was ein erfolgreiches Crowdsourcing Projekt ausmacht.