Brute Force: Cracking the Data Encryption StandardIn the 1960s, it became increasingly clear that more and more information was going to be stored on computers, not on pieces of paper. With these changes in technology and the ways it was used came a need to protect both the systems and the information. For the next ten years, encryption systems of varying strengths were developed, but none proved to be rigorous enough. In 1973, the NBS put out an open call for a new, stronger encryption system that would become the new federal standard. Several years later, IBM responded with a system called Lucifer that came to simply be known as DES (data encryption standard). The strength of an encryption system is best measured by the attacks it is able to withstand, and because DES was the federal standard, many tried to test its limits. (It should also be noted that a number of cryptographers and computer scientists told the NSA that DES was not nearly strong enough and would be easily hacked.) Rogue hackers, usually out to steal as much information as possible, tried to break DES. A number of "white hat" hackers also tested the system and reported on their successes. Still others attacked DES because they believed it had outlived its effectiveness and was becoming increasingly vulnerable. The sum total of these efforts to use all of the possible keys to break DES over time made for a brute force attack. In 1996, the supposedly uncrackable DES was broken. In this captivating and intriguing book, Matt Curtin charts DES’s rise and fall and chronicles the efforts of those who were determined to master it. |
Contents
Proposal | 163 |
In the Lead | 165 |
Recruiting | 169 |
Threats | 175 |
Overdrive | 189 |
Distributed | 199 |
An Obstacle | 207 |
Export | 213 |
| 63 | |
| 75 | |
| 77 | |
| 85 | |
| 91 | |
| 97 | |
Progress | 113 |
Trouble | 121 |
Milestones | 127 |
Gateways | 135 |
Network | 139 |
Download | 141 |
Short Circuit | 151 |
DESCHALL Community | 159 |
Getting Word Out | 215 |
Salvos in the Crypto Wars | 229 |
Netlag | 239 |
Terminal Velocity | 241 |
Duct Tape | 249 |
Showdown in the Senate | 255 |
Strong Cryptography Makes the World a Safer Place | 259 |
Aftermath | 267 |
Staying the Course | 271 |
In Retrospect | 275 |
Notes | 283 |
Index | 287 |
Other editions - View all
Common terms and phrases
able administrators allow answer asked attack billion block break called Challenge changes ciphertext client software communicate companies connection contest continued contributing coordinators crack create cryptography decryption DESCHALL client DESCHALL mailing list designed distribution Dolske domain effort encryption export firewalls force getting give going important increase interest Internet issue keep key testing keyserver keyspace kind known letter look machines mailing list manage needed Ohio Once participants percent perform possible problem processor progress question release request require result running secret server simply SolNET someone speed standard started statistics trillion trying turned University users Verser wanted week Windows write wrote
Popular passages
Page 54 - challenge" is often cited as evidence that the government needs only to conduct "brute force" attacks on messages when they are doing a criminal investigation. In reality, law enforcement does not have the luxury to rely on headline-making brute force attacks on encrypted criminal communications. I think you will find it useful to see for yourselves how increased key sizes can make encryption virtually unbreakable. Ironically, the RSA challenge proves this point. • If that Berkeley student was...
Page 54 - If all the personal computers in the world - ~260 million computers - were put to work on a single PGP-encrypted message, it would still take an estimated 12 million times the age of the universe, on average, to break a single message (assuming that each of those workstations had processing power similar to each of the Berkeley student's workstations). Clearly, encryption technology can be made intractable against sheer compute power, and longterm policies cannot be based on bit lengths. Brute force...
Page 52 - Administration has a long-standing policy that the risks to national security and law enforcement which could arise from widespread decontrol of encryption justify continued restrictions on exports. In addition, whether intended or not, we believe the bill as drafted would inhibit the development of key recovery even as an option. The Administration has repeatedly stated that it does not support mandatory key recovery, but we most certainly endorse and encourage development of voluntary key recovery...
Page 54 - ... encrypted criminal communications. I think you will find it useful to see for yourselves how increased key sizes can make encryption virtually unbreakable. Ironically, the RSA challenge proves this point. • If that Berkeley student was faced with an RSA-supplied task of brute forcing a single PGPbased (128-bit key) encrypted message with 250 workstations, it would take him an estimated 9 trillion times the age of the universe to decrypt a single message. Of course, if the Berkeley student didn't...
Page 54 - ... 9 trillion times the age of the universe to decrypt a single message. Of course, if the Berkeley student didn't already know the contents of part of the message — RSA provided some of the unencrypted, message content to assist those who accepted the challenge — it would take even longer. • For that matter, even if every one of the 29,634 students enrolled at UC Berkeley in 1997 each had 250 workstations at their disposal — 7,408,500 computers (cost: -$15B) — it would still take an estimated...
Page 53 - Most significantly, the time needed to decrypt a message rises exponentially as the length of the encryption key increases According to the National Security Agency's estimates, the average time needed to decrypt a single message by means of a brute force cryptoanalytic attack on 56-bit DBS --a strength whose export we are now allowing -- would be approximately one year and eighty-seven days using a thirty-million-dollar supercomputer.
Page 3 - And, if by chance, any magnificent truth falls to its notice, it seizes upon if and abuses it to the manifold disadvantage of persons and of the community. A man is crazy who writes a secret unless he conceals it from the crowd and leaves it so that it can be understood only by effort of the studious and wise. Accordingly, the life of wise men is conducted after this principle, and secrets of wisdom are hidden by a variety of methods. Some are hidden under characters and symbols, others in enigmatical...
Page 55 - ... to each of the Berkeley student's workstations). Clearly, encryption technology can be made intractable against sheer compute power, and longterm policies cannot be based on bit lengths. Brute force attacks cannot be the primary solution for law enforcement decryption needs. This line of argument is a distraction from the real issues at hand, and I encourage you to help put this debate behind us. Estimated Time Needed to Recover a Single Key Using the 250 Workstations Used By the Berkeley Student...
Page 54 - These myths and distractions include brute force attacks, comparisons to earlier key escrow initiatives, and encryption availability and use. /.' is short-sighted to base long-term encryption policy on bit lengths and brute force attacks You may have heard news accounts of a University of California Berkeley student who recently decrypted a message that was encrypted with a 40-bit key using 250 workstations as part of a contest from USA Inc. This so-called "challenge...
Page 52 - The bill appears to decontrol even the strongest encryption products, thus severely limiting government review of highly sensitive transactions. The Administration has a long-standing policy that the risks to national security and law enforcement which could arise from widespread decontrol of encryption justify continued restrictions on exports. In addition, whether intended or not, we believe the bill as drafted would inhibit the development of key recovery even as an option. The Administration...
Bibliographic information
| Title | Brute Force: Cracking the Data Encryption Standard |
| Author | Matt Curtin |
| Edition | illustrated |
| Publisher | Springer Science & Business Media, 2007 |
| ISBN | 0387271600, 9780387271606 |
| Length | 292 pages |
| Subjects | › › Computers / Information Theory Computers / Security / General Computers / Social Aspects Language Arts & Disciplines / Library & Information Science / General Mathematics / General Reference / General Science / General |
| Export Citation | BiBTeX EndNote RefMan |