IP: Group cracks crypto standard

[Dave Farber <farber () cis upenn edu>]

Group cracks crypto standard
By Randy Weston
July 17, 1998, 7:30 a.m. PT
http://www.news.com/News/Item/0%2C4%2C24322%2C00.html?sas.mail


The current 56-bit Data Encryption Standard (DES) is not as secure as believed, the Electronic Frontier Foundation 
(EFF)  revealed today in an attempt to raise the ante in the political standoff  with U.S. government officials trying 
to limit the strength of encryption approved for export.   


  "The news is not that a DES cracker can be built, we've known that for  years," said Bruce Schneier, president of 
Counterpane Systems and advocate of  easing government crypto export restrictions. "The news is that it can be  built 
cheaply using off-the-shelf technology and minimal engineering, even  though the Department of Justice and the FBI have 
been denying that this  was possible."  


  The EFF built a machine for $220,000 that took three days to crack the DES code. The previous record was 39 days, 
according to the EFF. EFF executives said that now that the research is done, a duplicate machine can be built for as 
little as $50,000. It was the  winning entry in the RSA Laboratory's  DES Challenge II. The contest is held to 
demonstrate mainly to government  officials that 56-bit DES encryption technology can be broken.   


  The code creates a key to decipher information. Key recovery is at the  center of a long-standing debate about the 
U.S. crypto export policy.  Privacy advocates and the industry alike oppose mandatory key-recovery  features in export 
products because they say the systems present the  possibility that law enforcement or unauthorized parties could gain 
access  to scrambled data without due process or permission.  


  On the flip side, law enforcement has held its ground that unfettered  export of encryption will lead to terrorists 
and criminals using the  technology to cover their tracks. But proponents of free encryption,  without mandated spare 
keys, contend that strong encryption already is  available around the world.  


  EFF executives said the machine was designed to counter the claim made by  U.S. government officials that it is 
impossible to decrypt or it would take  multimillion-dollar networks of computers months to decrypt one message.  


  "This will prevent manufacturers from buckling under government pressure to  dumb down their products since such 
products will no longer sell," said  Barry Steinhardt, EFF executive director. "If a small nonprofit can crack  DES, 
your competitors can too. Five years from now some teenager may well  build a DES cracker as her high school science 
fair project."  


  The machine works much like an Internet search engine such as Yahoo or  Excite. It combs the encryption for the right 
combination of 56 1s and  0s. Once the combination is assembled a message can be read. In the case  of the RSA contest, 
the winner of which received $10,000, the message was  "It's time for those 128-, 192-, and 256-bit keys."  


  "Producing a workable policy for encryption has proven a very hard  political challenge," said John Gilmore, EFF 
cofounder and project leader  in a prepared statement. "When the government won't reveal relevant facts,  the private 
sector must independently conduct the research and publish the  results so that we can all see the social tradeoffs 
involved in policy  choices."  


    




-------------------------------------------------------