Tuesday, December 21, 2010

Data Encryption, the EFF and Code Breaking


An interesting history of DES - the Data Encryption Standard - and the efforts of the Electronic Frontier Foundation to demonstrate the inherent weaknesses in DES. At the time, DES was the federal standard for encryption of all non-classified data. It's interesting that the first crack was demonstrated as early as 1997, but a replacement - the Advanced Encryption Standard (AES) - was not approved until mid 2002.

EFF DES cracker - Wikipedia, the free encyclopedia:
In cryptography, the EFF DES cracker (nicknamed "Deep Crack") is a machine built by the Electronic Frontier Foundation (EFF) in 1998 to perform a brute force search of DES cipher's key space — that is, to decrypt an encrypted message by trying every possible key. The aim in doing this was to prove that DES's key is not long enough to be secure.

DES uses a 56-bit key, meaning that there are 2^56 possible keys under which a message can be encrypted. This is exactly 72,057,594,037,927,936, or approximately 72 quadrillion, possible keys. When DES was approved as a federal standard in 1976, a machine fast enough to test that many keys in a reasonable amount of time would have cost an unreasonable amount of money to build.

The DES challenges

Since DES was a federal standard, the US government encouraged the use of DES for all non-classified data. RSA Security wished to demonstrate that DES's key length was not enough to ensure security, so they set up the DES Challenges in 1997, offering a monetary prize. The first DES Challenge was solved in 96 days by the DESCHALL Project led by Rocke Verser in Loveland, Colorado. RSA Security set up DES Challenge II-1, which was solved by distributed.net in 41 days in January and February 1998. 

In 1998, the EFF built Deep Crack for less than $250,000.[1] In response to DES Challenge II-2, on July 17, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000. This was the final blow to DES, against which there were already some published cryptanalytic attacks. The brute force attack showed that cracking DES was actually a very practical proposition. For well-endowed governments or corporations, building a machine like Deep Crack would be no problem.

Six months later, in response to RSA Security's DES Challenge III, and in collaboration with distributed.net, the EFF used Deep Crack to decrypt another DES-encrypted message, winning another $10,000. This time, the operation took less than a day — 22 hours and 15 minutes. The decryption was completed on January 19, 1999. In October of that year, DES was reaffirmed as a federal standard, but this time the standard recommended Triple DES (also referred to as 3DES or TDES).

The small key-space of DES, and relatively high computational costs of triple DES resulted in its replacement by AES as a Federal standard, effective May 26, 2002.
 Photo German-Dutch Enigma machine by Bogdan Migulski - http://flic.kr/p/4yfuYE
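
The exhaustive key search described in the excerpt, as an added example that is not part of the original post or the Wikipedia article: a known plaintext/ciphertext pair is tested against every key until one matches. The cipher is a toy Feistel construction standing in for DES, and the 16-bit key size, the function names and the sample values are assumptions chosen so the search finishes in under a second. The rate computed at the end is only the rate a searcher would need to cover all 2^56 keys in 56 hours, not a measured figure for Deep Crack.

```python
import hashlib

TOY_KEY_BITS = 16  # assumption: tiny key space so the full search runs quickly


def toy_encrypt(key: int, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher on an 8-byte block. NOT DES, illustration only."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key.to_bytes(4, "big") + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def brute_force(plaintext: bytes, ciphertext: bytes, key_bits: int):
    """Try every key in order; return (key, trials) for the first match, else (None, trials)."""
    for trials, key in enumerate(range(2 ** key_bits), start=1):
        if toy_encrypt(key, plaintext) == ciphertext:
            return key, trials
    return None, 2 ** key_bits


def rate_to_exhaust(key_bits: int, hours: float) -> float:
    """Keys per second needed to cover the whole key space within `hours`."""
    return 2 ** key_bits / (hours * 3600)


def worst_case_hours(key_bits: int, keys_per_second: float) -> float:
    """Hours to try every key of the given length at a fixed trial rate."""
    return 2 ** key_bits / keys_per_second / 3600


if __name__ == "__main__":
    known_plaintext = b"ATTACKAT"  # constructed sample block
    secret_key = 0xBEEF            # constructed sample key
    ciphertext = toy_encrypt(secret_key, known_plaintext)
    key, trials = brute_force(known_plaintext, ciphertext, TOY_KEY_BITS)
    print(f"recovered key {key:#06x} after {trials} of {2 ** TOY_KEY_BITS} trials")

    # Each extra key bit doubles the work; the same hardware that covers
    # 2^56 keys in 56 hours is nowhere near covering a 128-bit AES key space.
    rate = rate_to_exhaust(56, 56)
    print(f"rate needed for 2^56 keys in 56 h: {rate:.3e} keys/s")
    for bits in (56, 57, 64, 128):
        years = worst_case_hours(bits, rate) / (24 * 365)
        print(f"{bits:3d}-bit key: worst case {years:.3e} years at that rate")
```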
