From itumeztr@sariyer.cc.itu.edu.tr Tue Mar 4 11:40:38 1997 Date: Tue, 25 Feb 1997 04:50:26 +0200 (EET) From: ITU Mezunlari Dernegi Haber Dagitim Merkezi To: ** ITUMD ** ISTANBUL TEKNIK UNIVERSITESI MEZUNLARI DERNEGI ULUSLARARASI KURULUSU Subject: SCIENCE AND ENGINEERING NEWS (fwd) _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/ To: ITU Alumni Scattered All Around The World _/ _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ INET GROUP BREAKS RC5 48 BIT CRYPTOGRAPHIC CHALLENGE ============================================================================= Zurich, Switzerland -- More than 5000 computers connected via the Internet have broken one of the most difficult cryptographic challenges ever solved, in just over thirteen days. The challenge was one of a series of such challenges recently offered by RSA Data Security, Inc., a U.S. firm which produces cryptographic software. A news release from RSA noted that the crack effectively demonstrates that many encryption systems -- such as those commonly used on the Internet, in electronic commerce, and in so-called "Smart Cards" -- can be broken with relative ease using modern computing techniques. The challenge was solved by a loosely organized group of individuals from around the world who banded together to create a project known as the "Distributed Internet Crack." The group was begun by Germano Caronni, member at the Swiss Federal Institute of Technology in Zurich and quickly grew to include hundreds of people, from commercial as well as academic sites, who worked at a furious pace to write and optimize the necessary software and then run it on thousands of computers simultaneously. The group never met in person but communicated via email. Continuously updated pages on the World-wide Web, available in four different languages, provided the latest information and progress reports. The Distributed Internet Crack first attacked the easiest of RSA's challenges. The group solved this challenge in 3 1/2 hours, only minutes after another group submitted the correct answer. After coming so close to winning the first challenge, the group decided to take on the second one, hundreds of times as difficult. The challenge required that up to 281,474,976,710,656 different keys be checked. By linking the computational resources of thousands of computers via the Internet, the second challenge was solved on Monday, February 10th, a little over thirteen days after it was issued. The news release asserted that completion of the challenge broke new ground in several ways: Besides cracking what it termed "the hardest key ever", the event also brought together the most computers ever working on a single Internet project (over 5500 computers were operating simultaneously at one point, and over 10,000 computers joined in the project at one time or another), and produced the most cryptographic keys ever checked per second in an openly publicized effort (over 440 million keys per second at peak, and an average of 140 million keys per second over the entire project). If the group would have re-attacked the 40 bit challenge with the computing power it had at the end of this effort, that key would have been broken within 45 minutes. The group is now planning to attempt another challenge issued by RSA, this time aimed at the DES cipher, which has been used in American and other financial institutions for many years. For more information, see the following URLs. RSA Data Security Secret-Key Challenges: http://www.rsa.com/rsalabs/97challenge/ Team Web Pages: http://www.klammeraffe.org/challenge/ and http://www.ee.ethz.ch/challenge/ Software: ftp://ftp.tik.ee.ethz.ch/pub/projects/dic/ Preliminary Web page for DES challenge: http://fh28.fa.umist.ac.uk/~des/