Cryptography Reference
In-Depth Information
A large number of estimates can be found in the literature as to which computers
would be busy for how long and, mainly, how much a special computer that
could handle this task within meaningful time would cost. In 1993, for example,
the price of a machine used for a 3.5-hour brute-force attack was estimated to
be one million dollars [SchnCr, 1.27; GarPGP, Chapter 3, 'DES Cracking']. Of
course, this estimate is old hat: a mention at EUROCRYPT '98 reduced this
hypothetical time to half an hour (at the same price). A 40-bit DES key could
be found in 50 ms.
The RSA Challenge
Since nobody built such a machine, people fell back on available resources,
namely idle times of computers on the Internet. To this end, RSA Data Security,
Inc. started an initiative called RSA Challenge , where a brute-force attack was
distributed over innumerable computers. When a DES key was found (the
search took from January to June 1997), RSA started a second initiative, which
was successful in February 1998 after only 39 days. In this initiative, about
22 000 users all over the world had put to work more than 50 000 processors
(CPUs) for this task, and tried 85 % of all possible keys before the correct one
came up. You can find all the details on the RSA Web site at www.rsa.com .
'What's all this good for?', you might ask. Brute force is nothing to write
home about these days, and all this computer capacity wasted! Not really, for
the following reasons:
First, computers worked at this task only when they were not busy oth-
erwise so that no valuable computation time was wasted. (In fact, most
computers are jobless during the largest part of their lives.)
Second, the initiative gained valuable experience with distributed pro-
cessing in large projects.
Third and most importantly, the initiative was able to demonstrate to
outsiders, too, that DES is no longer as secure as its supporters claim.
This, in turn, had an immediate impact on the US export policies for
cryptographic products so that eventually all of us profited.
The initiative's first impact, however, looked more like a backfire: in February
1998, an expert declared before US Congress that, while this RSA Challenge
was an impressive proof of how secure DES really was, it also showed that
this approach was inappropriate for practical, unnoticed cryptanalysis. All this
Search WWH ::




Custom Search