
   
   
   Home
   
   About RSA
   
   Careers at RSA
   
   Contact RSA
   
   Developers Corner
   
   Directions to RSA
   
   Events
   
   FREE Software & Publications
   
   FTP Site
   
   Partner Products
   
   Price List
   
   Pressbox
   
   RSA Art Gallery
   
   RSA Japan
   
   RSA Labs
   
   RSA Products
   
   Search
   
   Security Dynamics
   
   Standards [INLINE] [INLINE] [INLINE] [INLINE] DES RSA Data Security RSA Challenge Cracked
   [INLINE]
     _____________________________________________________________________________________
   
   [INLINE] [INLINE]
   
   Government encryption standard DES takes a fall
   
   Rocke Verser Takes $10,000 RSA Challenge by cracking DES
   
   Tuesday, June 17 marked a milestone event in cryptography - the day the RSA DES Challenge
   was solved. Shortly before midnight on Tuesday, an RSA Data Security, Inc. automated
   server confirmed that Rocke Verser of Loveland, Colorado, had submitted the winning DES
   key. Verser garnered the $10,000 prize that teams worldwide had been vying for since
   January. With his win, Rocke well earned his $10,000 prize money and the fame thats sure
   to follow. But for DES, the venerable, trusted, and widely used Government cipher, this
   may be the final blow that indicates its time has passed.
   
   DES is the Data Encryption Standard, an encryption block cipher defined and endorsed by
   the U.S. government in 1977 as an official standard. The encryption workhorse of the
   banking and financial communities for over twenty years, DES has been renewed every five
   years by the National Institute of Standards and Technology (NIST) and is presently up for
   review. DES has been extensively studied since its publication and is the most well-known
   and widely used secret-key cipher in the world.
   
   
   
   The RSA Secret-Key Challenge
   
   The RSA Secret-Key Challenge, announced at the RSA Data Security Conference in January,
   provided $1,000, $5,000 and $10,000 prizes for breaking various RC5(TM) keys at different
   sizes and gave a $10,000 prize to break DES, which uses a fixed-size, 56-bit encryption
   key. (RC5 is RSAs variable key, parameterized symmetric-key cipher. So far, the 40-bit
   and 48-bit RC5 key challenges have also been solved. There are twelve RC5 challenges in
   all.)
   
   RSA launched the Secret-Key Challenge to investigate the power of distributed computing
   attacks over the Internet, and to show the relative strength of RC5 at various key sizes,
   and the strength of 56-bit DES.
   
   
   
   Breaking DES
   
   Responding to the Challenge, including a prize of $10,000, Rocke Verser, with the help of
   team leaders Matt Curtin and Justin Dolske decided to tackle DES. (To date, the most
   effective way to crack DES is through an attack known as brute force. In brute force
   attacks, a challenger keeps trying new possible DES keys until they find the specific key
   used to encipher the challenge phrase.) Rocke created a cracking program that would keep
   trying new keys till it solved the DES challenge phrase. He designed the program so that
   it could be distributed and downloaded over the Internet. The project, code-named
   DESCHALL, linked together hundreds, and eventually tens of thousands of volunteer
   computers. As each new computer volunteer signed on, the DESCHALL team created new
   portions of the DES key space for each of these machines to test. Wrong DES keys could be
   eliminated, and the correct key, somewhere, would be rooted out.
   
   
   
   The Power of The Internet
   
   The attack team included an amazing array of Internet volunteers and computing resources
   from industry, universities, and government. With a possible 72 quadrillion keys to test,
   this distributed attack would require an incredibly large amount of computing power. And
   compute the DESCHALL team did, at some points testing almost seven billion keys per
   second.  And by writing different crackers for Unix, Windows, Macintosh, and OS/2
   operating systems, the DESCHALL team could utilize the computing power of the largest
   workstations, as well as more modest personal home computers.
   
   Ironically, under current U.S. Dept. of Commerce export regulations, and underscoring a
   problem faced by the U.S. software industry, the DESCHALL team could not export the
   cracking program outside the U.S. and Canada. SolNet, a competitive effort based in Sweden
   was able to take advantage of this restriction. Even though they started much later than
   the DESCHALL team, by marketing their cracker worldwide, they had searched nearly 10
   quadrillion keys when the DESCHALL team hit on the winning key.
   
   
   Lots of Help and a Little Luck
   
   In the end, the DESCHALL effort solved the DES challenge after only searching 24.6% of the
   key space. (about 18 quadrillion keys!)  The winning key was determined by Michael
   Sanders, using a Pentium 90 MHz desktop PC with 16 megs of RAM. As promised, Rocke Verser
   plans to split his $10,000 winnings 60/40 with the actual winning computer, and as such,
   will give $4,000 of his prize to Mr. Sanders.
   
   Mr. Sanders knew he had the right key when his machine successfully decrypted the DES
   challenge phrase. Strong cryptography makes the world a safer place.
   
   RC5 is a trademark of RSA Data Security [INLINE] [INLINE]
   
   RSA Press Release
   
   Fact Sheet
   
   Frequently Asked Questions about RSA Secret-Key Challenge
   
   RSA Secret-Key Challenge Home
   
   DESCHALL Home Page
   
   DES In The News [INLINE] [INLINE]
     _____________________________________________________________________________________
   
   [INLINE] [INLINE] [INLINE]
   
   RSA Press Release | Fact Sheet | Secret-Key Challenge FAQ
   RSA Secret-Key Challenge | DESCHALL Home Page
   DES In The News | RSA Home | DES Cracked Home
     _____________________________________________________________________________________
   
   
   
   Send any website feedback or comments to: webmaster@rsa.com
   Copyright &copy; 1997, RSA Data Security, Inc.  All Rights Reserved.
