Slashdot Mirror


RC5-64 Success

Peter Trei writes "After over four years of effort, hundreds of thousands of participants, and millions of cpu-hours of work, Distributed.net has brute forced the key to RSA Security's 64 bit encryption challenge, winning a US$10,000 prize. Still outstanding Challenges carry prizes as high as $200,000. RSA's PR release is here. d.net's site has not yet been updated." Update: 09/26 16:59 GMT by CN : The good folks over at SlashNET are having a forum with the distributed.net crew on Saturday at 21:00 UTC. It'll be a great time to meet some of the people who made this possible.

365 comments

  1. d.net's site update by ChronoZ · · Score: 5, Informative
    1. Re:d.net's site update by Anonymous Coward · · Score: 1, Informative

      There is a forum scheduled with the d.net guys on SlashNET this Saturday.

  2. hmmm by Anonymous Coward · · Score: 0

    now distributed net can get onto the task of how to get my sofa out of the stairway

    1. Re:hmmm by GMontag451 · · Score: 2
      That's easy, just open a doorway in the wall with a time machine.

      Looks like I'm the only one here that got that reference.

    2. Re:hmmm by Amazing+Quantum+Man · · Score: 2

      But why did you send me a bill for finding my cat?

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  3. Yea!!! by MarvinMouse · · Score: 1, Redundant

    So somehow has proven that given enough time, money and effort, RSA 64-bit encryption can be eventually broken using the amazing method of...

    BRUTE FORCE.

    Who woulda thought.

    --
    ~ kjrose
    1. Re:Yea!!! by Tom · · Score: 3

      I don't know why the parent was modded up as funny, but:

      There is a difference between saying "in theory, we could do this and that" and actually doing it.

      Cryptography specifically is a realm of arbitrary large numbers, theoretical math way, way beyond what 99% of people ever learn in both school and university, and lots of guesswork, estimates, approximations, you name it.

      I don't think anyone is really surprised by the outcome, but nevertheless, the only real proof that something can be done is and always will be to actually do it.

      --
      Assorted stuff I do sometimes: Lemuria.org
    2. Re:Yea!!! by Blkdeath · · Score: 2, Insightful
      Of course, ASCI White (or, even better, Japan's new super computer) could probably crack RC5-64 in a matter of hours.

      That's what has to be considered in all of this.

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    3. Re:Yea!!! by Anonymous Coward · · Score: 0

      No, the OP was right. This ceased to be news years ago. This is just stupid now. We're not proving anything. Yes, we can brute force a known-plaintext attack against just about any block cipher. The "advanced mystical math" doesn't enter into the equation -- it's all irrelevant. For the love of all that is good and pure -- stop wasting your friggin cycles on this shite and do something productive.

    4. Re:Yea!!! by unicron · · Score: 2

      How many computers were working on rc5-64 for how many years? White isn't that many factors faster.

      All bets are off though once we get quantum machines up and running...provided we can get around the whole heisenberg principle.

      --
      Finally, math books without any of that base 6 crap in them.
    5. Re:Yea!!! by eddy · · Score: 2

      I'm with the OP on this. Once in a time there was a purpose with cracking DES; proving it wasn't as hard (secure) as the government wanted people to believe. However, that was a long time ago now.

      C'mon, estimating the time of a brute-force attack is almost trivial. Once you can time how long it takes to attack some percentage of the keyspace, interpolation to mid- and worst-case is simple.

      There's a lot of other distributed problems to spend time on, problems where the solution actually is worth something.

      --
      Belief is the currency of delusion.
    6. Re:Yea!!! by defile · · Score: 2

      I remember when this first started out they believed it would take about 1000 years to crack.

      There's a lot of interesting information that comes from this aside from the actual problem being attacked.

    7. Re:Yea!!! by wunderhorn1 · · Score: 1

      On the other hand, most sensitive information tends to stay sensitive for long periods of time. The success of the bovine project proves that if you need data to be secure for the long run, choose something stronger than 64-bit encryption.

      --
      Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
    8. Re:Yea!!! by Anonymous Coward · · Score: 0

      Ok, like what? If we have some monumental time-worthy effort to build a distributed system for, what is that?

      People are starting to realize that just because you can build a big super computer, doesn't mean you have any use for it. The best uses for super computing and large distributed networks *is* cryptography work.

    9. Re:Yea!!! by NeoSkandranon · · Score: 2

      Winning 10,000 dollars isn't productive?

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    10. Re:Yea!!! by eddy · · Score: 1

      First. Extrapolation. So, corrected.

      As you can probably guess from the way I expressed myself in the last line, I understand very well that the 'goal' isn't the most interesting part, but the way there and what can be learned about distr. computing.

      HOWEVER, I mean that it makes more sense doing something for which the goal is _also_ of interest.

      Such examples include but are not limited to folding and generating genomes.

      --
      Belief is the currency of delusion.
    11. Re:Yea!!! by Anonymous Coward · · Score: 0

      Not when it takes thousands of computers, a few million dollars worth of CPU cycles, and about five years to win the $10,000 prize.

    12. Re:Yea!!! by FunkMonkey#9 · · Score: 1

      So how long did it take, then? It took more than 300,000 people over 4 years to crack it. Ballpark an actual computing time figure for me.

      --

      -- The One and Only NotMike.

    13. Re:Yea!!! by Anonymous Coward · · Score: 0

      Yeah, a far better use for surplus computing power than solving the protein folding problem, or finding anti-cancer drugs.

      http://www.foldingathome.com/

      www.ud.com

      or even http://www.fightaidsathome.org/index.asp

    14. Re:Yea!!! by Boone^ · · Score: 2

      All you'd need is a heisenberg compensator circuit connected to the machine, right?

    15. Re:Yea!!! by NeoSkandranon · · Score: 2

      Faulty logic. The cost to the winner is only his time invested, not everyone else's. Like playing the lotto, almost.

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    16. Re:Yea!!! by FyRE666 · · Score: 3, Insightful

      ASCI White (or, even better, Japan's new super computer) could probably crack RC5-64 in a matter of hours.

      Hardly. We're talking about a third of a million participants taking 4 years here. Unless someone's developed a time machine and built ASCI from some future technology it's not that fast! (remember, many participants were science labs or other groups utilising several, sometimes hundreds of machines).

      Now we should see project OGR really kick into gear!

    17. Re:Yea!!! by mcg1969 · · Score: 2, Insightful

      I remember when this first started out they believed it would take about 1000 years to crack.

      Probably because the scalability of a distributed computing system was underestimated. Know this, it took a boatload of CPU time to crack this thing---just as predicted. What was not properly estimated was how much parallelism would be achieved.

      There's a lot of interesting information that comes from this aside from the actual problem being attacked.

      From a cryptography science, none at all. This project added absolutely nothing to our knowledge of cryptography.

      All of the interesting information learned was in the area of designing, organizing, and managing a distributed computing network, and the potential CPU power such a system could harness. That exact same knowledge could be gained attacking an exhaustive-search problem with some genuinely useful outcome, like protein folding perhaps.

    18. Re:Yea!!! by John_Booty · · Score: 3, Insightful

      Of course, ASCI White (or, even better, Japan's new super computer) could probably crack RC5-64 in a matter of hours.

      According to D.Net's press release, the peak rate achieved by D.Net on this effort was equivalent to ~46,000 2GHZ Athlon XP's working in tandem. Can even ASCI White or Japan's supercomputer match this sort of processing power?

      I'll admit that the RC5-64 project had very little practical use, but it was a heck of a proof-of-concept in terms of people's willingness to donate vast amounts of CPU time and the staggering amount of otherwise-wasted computing power that's out there and waiting to be utilized.

      I'd stuck with D.Net over the years even as more useful distributed applications cropped up, out of some sort of loyalty since I'd already invested so much (CPU) time in it. Now, I think I'll pick a more "useful" application like protein folding or something to occupy my spare cycles...

      --

      OtakuBooty.com: Smart, funny, sexy nerds.
    19. Re:Yea!!! by Phexro · · Score: 2

      "All bets are off though once we get quantum machines up and running...provided we can get around the whole heisenberg principle."

      Are you certain?

      <rimshot/>

    20. Re:Yea!!! by Bishop · · Score: 2

      Don't they teach math anymore?

      Based on the numbers from distributed.net. The actual computing power used is equivalent to 32504 800Mhz Apple powerbook G4s running for 676 days. With the same number of powerbooks you could exhaust the keyspace in 790 days. For 100 million dollars USD you could buy 100000 Dell Athlon XPs from BestCry and exhaust the keyspace in a little over a year.

    21. Re:Yea!!! by anthony_dipierro · · Score: 2

      So somehow has proven that given enough time, money and effort, RSA 64-bit encryption can be eventually broken using the amazing method of... BRUTE FORCE.

      Nope, we didn't even do that. We proved that given enough time, money, effort, and the first few characters of the decrypted message, RSA 64-bit encryption can be eventually broken using the amazing method of BRUTE FORCE.

      Want something more interesting? Compress the message with a really good english language compression algorithm first, then encrypt it.

    22. Re:Yea!!! by Blkdeath · · Score: 3, Interesting
      Hardly. We're talking about a third of a million participants taking 4 years here. Unless someone's developed a time machine and built ASCI from some future technology it's not that fast! (remember, many participants were science labs or other groups utilising several, sometimes hundreds of machines).
      We're still talking about machines that don't even hit a single GFLop, whereas ASCI White clocks in at a paltry 7.2TFlops, while Japan's Earth Simulator runs at a tidy 35.86TFlops.

      Not to sound too black-helicopterish or anything, but these are only the supercomputers that we know about.

      Isn't it entirely possible that in the interests of tracking "terrorists", the Department of Homeland Security might just have assembled something that makes E.S. look like an old laptop?

      The technology exists, it's just a simple matter of somebody (read: corporation / government) with the funding and wherewithal to put it together and make it function.

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    23. Re:Yea!!! by homer_ca · · Score: 1

      Electricity for your 80W Athlon is free too?

    24. Re:Yea!!! by Anonymous Coward · · Score: 0

      Based on the numbers from distributed.net [distributed.net]. The actual computing power used is equivalent to 32504 800Mhz Apple powerbook G4s running for 676 days.

      32,504 800Mhz Apple powerbook G4s running for 676 days?! So, in another words...the same as my 2.4 GHz Pentium 4 running for three weeks?

    25. Re:Yea!!! by Teknon · · Score: 1

      Pardon my ignorance, but what is the heisenberg principle?

    26. Re:Yea!!! by woodchip · · Score: 1

      I didn't know Dell sold Athlon's
      also, i thought you need the MP's to do dual/SMP processing, not the XP's

      as of July, you could get 12 Dual Athlon 2000+ cluster (along with lots of other cool bloat, gigabit networking,rackmount, nice clustering s/w package etc) from microway for $47K.. so..if you had a run time of 676 days, you would need a $90million cluster...

    27. Re:Yea!!! by unicron · · Score: 2

      The Heisenberg Uncertainty principle basically states that there is no such thing as a truly closed system. Rough explanation is this: You can't look at something/anything without changing it somehow. In this application, the results gathered from a quantum computer wouldn't be accurate because to obtain them, you had to observe, and therefore changed something, no matter how small.

      --
      Finally, math books without any of that base 6 crap in them.
    28. Re:Yea!!! by Bishop · · Score: 2

      My bad. It was a Compaq not a Dell. It is a single XP 2100+. You can definitely go cheaper. You probably can get the same result for half that. Cheaper still if you built dedicated hardware.

    29. Re:Yea!!! by Anonymous Coward · · Score: 0

      Okay, one, RSA != RC5. They are two separate algorithms. The only thing they have in common is they are designed by the same person, Ron Rivest. Second, if you are talking about the RSA algorithm, you do not brute force the keys, you factor them.

    30. Re:Yea!!! by landaker · · Score: 1

      Ah, the old nebulous TFLOPS rating again that every freshman CS or EE student learns is completely and utterly worthless in any regard as a speed rating...



      Besides, RC5 doesn't USE floating point operations. =)

  4. No more RC5 in OpenBSD by chrysalis · · Score: 3, Funny

    Funny. The RC5 algorithm has just been removed from OpenBSD because of copyrights.


    --
    {{.sig}}
    1. Re:No more RC5 in OpenBSD by tomstdenis · · Score: 2, Insightful

      copyrights or patents?

      Anyone with a bit of skill can code their own RC5 code... I know I did it. However, there are US patents on the RC5 algorithm...

      Tom

      --
      Someday, I'll have a real sig.
  5. Heh by GigsVT · · Score: 3, Insightful

    While it's debatable that the duration of this project does much to devalue the security of a 64-bit RC5 key by much, we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time.

    Heh, it took a world-wide effort of thousands of computers over 1700 days. I don't think there is any debate at all; they proved the opposite of what they set out to prove. :)

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
    1. Re:Heh by Ionized · · Score: 1

      Heh, it took a world-wide effort of thousands of computers over 1700 days. I don't think there is any debate at all; they proved the opposite of what they set out to prove. :)

      no, they're completely correct. re-read their statement (emphasis mine):

      we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time.

      if you are interested in decrypting a competitor's proprietary information, you don't need to do it in weeks or even months. several years may still be very worth the wait - in which case, RC5-64 would not be appropriate for that data, just as they said.

    2. Re:Heh by Assembler · · Score: 1

      Think about it though.. imagine if that key had been encrypting actual government secrets. Any country with a government capable of buying enough computing power would now have all those secrets. Keep in mind that the US government has secrets dating back in time from way before the Kennedy assassination. 4 years is way too short for secrets like that.

    3. Re:Heh by Anonymous Coward · · Score: 0

      Well just because the key happened to be near the bottom of the pile, it seems like a secure algorithm (It took 1700 days).

      If the key had been in the first block, could we correctly say "this algorithm is so weak, even a pentium 100 can crack it in an hour!"?

      No, we would have pointed to the statistical abnormality and said "Well STATISTICALLY SPEAKING it should have been this strong"....

      Therefore these distributed.net projects really don't prove or disprove anything.

    4. Re:Heh by Papineau · · Score: 5, Informative

      Not really. If you consider that over 5 years, the average keyrate is 105.5 GKeys/sec, and the latest day averages were somewhere around 180 GKeys/sec, it means the same thing could have been finished in almost half the time, if it was started now with today's computers. Moore's law being what it is, if it really was started again now, it would take around half that time again, because more powerful CPUs are to be unveiled in that timeframe.

      By their own estimates, it would take ~46000 Athlon XP 2GHz (now, where are you to find those right now?) to have 270 GKeys/sec (their peak rate in 5 years), which gives completing the keyspace in 790 days. Who would buy that many CPUs? Good question. With 2 dual MP motherboards in 1U (too lazy to find a link, I know somebody offers something like that), it would only take about 300 40U racks. Would you bet future national security on it? I don't think I would (and I'm not even American).

      What it really shows is that brute-force can succeed, given enough time. But of course the more effective way to attack an encryption algorithm is on the algorithmic side, because it helps you to find not only one cleartext, but all cleartexts encrypted with that algorithm.
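Added worked example (not part of any comment in this thread and not distributed.net code): the key rates and key count quoted in the thread, turned into a key-lifetime estimate for 64-, 72- and 128-bit keys at a constant search rate and at a rate that keeps doubling. The 18-month doubling period is an assumption chosen for illustration; all function and constant names are hypothetical.

```python
import math

SECONDS_PER_DAY = 86_400

# Figures quoted in the thread (keys per second, and keys tested in total).
AVG_RATE = 105.5e9      # five-year average
RECENT_RATE = 180e9     # recent daily average
PEAK_RATE = 270e9       # peak rate
KEYS_TESTED = 15_769_938_165_961_326_592

# Assumption (not from the thread): search throughput doubles every 18 months.
DOUBLING_DAYS = 548


def keyspace(bits):
    """Number of distinct keys for a key of the given length."""
    return 1 << bits


def days_constant(keys, rate):
    """Days needed to test `keys` keys at a fixed rate (keys/second)."""
    return keys / rate / SECONDS_PER_DAY


def days_growing(keys, start_rate, doubling_days=DOUBLING_DAYS):
    """Days needed when the rate is start_rate * 2**(t / doubling_days).

    Integrating the rate from 0 to T and solving for T gives
        T = D * log2(1 + keys * ln(2) / (start_rate * D))
    where D is the doubling period in seconds.
    """
    d_seconds = doubling_days * SECONDS_PER_DAY
    x = keys * math.log(2) / (start_rate * d_seconds)
    # log1p keeps precision when x is tiny (very slow growth).
    return doubling_days * math.log1p(x) / math.log(2)


def report(bit_sizes=(64, 72, 128), rate=PEAK_RATE):
    """Worst-case (full keyspace) search time in years for each key size.

    Returns a list of (bits, years_at_constant_rate, years_with_doubling).
    """
    rows = []
    for bits in bit_sizes:
        n = keyspace(bits)
        rows.append((bits,
                     days_constant(n, rate) / 365.25,
                     days_growing(n, rate) / 365.25))
    return rows


if __name__ == "__main__":
    frac = KEYS_TESTED / keyspace(64)
    print(f"fraction of 2^64 searched before the hit: {frac:.1%}")
    print(f"days for that many keys at the average rate: "
          f"{days_constant(KEYS_TESTED, AVG_RATE):.0f}")
    print(f"days for all of 2^64 at the peak rate: "
          f"{days_constant(keyspace(64), PEAK_RATE):.0f}")
    for bits, flat, growing in report():
        print(f"{bits:>3}-bit: {flat:.3g} years flat, "
              f"{growing:.1f} years with doubling")
```

Under sustained doubling, each extra key bit costs roughly one more doubling period, so the gap between key sizes is linear in bits rather than exponential; at a fixed rate it stays exponential.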

    5. Re:Heh by Anonymous Coward · · Score: 0
      Keep in mind that the US government has secrets dating back in time from way before the Kennedy assassination.
      Well, yeah - the plans for the Kennedy assassination, for one thing.
    6. Re:Heh by Pii · · Score: 2
      Keep in mind that the US government has secrets dating back in time from way before the Kennedy assassination. 4 years is way too short for secrets like that.

      That's funny... I'd say that 4 years is far too long for secrets like that.

      --
      For those that would die defending it, Freedom
      has a sweet taste that the protected will never know.
    7. Re:Heh by swillden · · Score: 2
      Not to mention: You're talking about doing it with general-purpose hardware. It would cost far less to build specialized hardware that would crack it much, much faster. That's precisely what the EFF did for DES with Deep Crack.

      Even if it took four years and a large, collaborative effort, the fact that general purpose machines can do this at all means that it's insecure against a determined adversary with a couple million dollars to spend.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:Heh by BlueArchon · · Score: 1

      I tried running the RC5 on both my about 10 years old 486-66 and on my current thunderbird 1.4. The newer computer was about 55 times faster.

      If computers continue to get faster at the same rate, this challenge would in 10 years take thousands of computers 1700/55 ~= 30 days to complete... In 20 years only half a day...

      But then again, who uses RC5 in 20 years....

    9. Re:Heh by GigsVT · · Score: 1

      But then again, who uses RC5 in 20 years....

      Yeah, that was my point, even if things keep doubling at their current rate, RC5-64 will still not be feasible to crack in reasonable by anything except dedicated (expensive) hardware for several decades.

      Besides, who uses 64 bit encryption anymore. 128 bit will take several orders of magnitude times longer, it should be safe from brute force for the foreseeable future.

      They did forge ground in being one of the first large scale distributed computing efforts, so all is not lost, that is important research after all.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    10. Re:Heh by Chester+K · · Score: 2

      If you consider that over 5 years, the average keyrate is 105.5 GKeys/sec, and the latest day averages were somewhere around 180 GKeys/sec, it means the same thing could have been finished in almost half the time, if it was started now with today's computers.

      And the fact that now we know the key would speed up another attempt considerably. I'd go so far as to say it'd take even less than half the amount of time if we started again today!

      --

      NO CARRIER
  6. MS: News by Anonymous Coward · · Score: 0

    Windows 2000 cracks RSA 64 challenge. Steve Ballmer said, "This further demonstrates the tremendous power of the Windows 2000 platform." Ballmer further commented, "It also demonstrates Windows' great strength when it comes to security!"

    Who would have guessed?

  7. I stopped because... by Anonymous Coward · · Score: 0

    I stopped participating because my machines would all run significantly hotter, and it's already hot enough in this room as it is. Maybe I'll start again come winter time and if it gets cold in here.

    -- gid

  8. Well then by dalassa · · Score: 2

    I suppose I can shut dnetc down for now and give my processors a rest. Congratulations to whoever got the lucky key.

    --
    Feminism is the radical notion that women are people.
    1. Re:Well then by Blkdeath · · Score: 1
      Actually, that brings up a good point;

      My server (AMD K62-400) has been running dnetc for approximately 2.5-3 years (coupled with four-times daily team stats update) and now.. it's not.

      From a constant 1.0 load average to just the load of my regular maintenance and server functionality, will the CPU itself be ok? I mean, it's going to run a lot cooler until I find a new project.

      I'm no expert on silicon, but isn't there an issue when silicon heats up, stays hot for a long period of time, then drops in temperature?

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    2. Re:Well then by Atzanteol · · Score: 2

      There is always OGR...

      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin
    3. Re:Well then by Anonymous Coward · · Score: 0

      Yes! Join OGR-25@distributed.net. This is used in science.
      OGR-25 is still waiting for sponsors to put a price on completer of OGR.

  9. dammit by Anonymous Coward · · Score: 0

    Now I have to shut down all my clients. I don't have any desire to lend my spare cycles to OGR or whatever other silliness they are doing.

  10. Good job folks by chainrust · · Score: 2, Troll

    Nice, except for the fact it doesn't matter. It wasn't even the real encryption code. Also, it never would have happened without distributed processing, so this isn't a real demonstration of computing power, but actually a demonstration of distributed computing power.

    1. Re:Good job folks by Anonymous Coward · · Score: 0

      Hey, Rusty. I found real picture of you.

    2. Re:Good job folks by Anonymous Coward · · Score: 0

      Ha! I was thinking the same thing. "Waaah, it's not real computing power...because it's distributed". What a nimrod.

    3. Re:Good job folks by chainrust · · Score: 0, Troll

      It isn't. If someone wanted to apply a mass amount of computing power at a problem, they couldn't do it distributedly because you rely on geeks interested in your cause. Those geeks might be in short supply if you wanted a distributed application for, say, figuring out the genome for rats. Don't post comments without thinking. It can only lead to trouble.

    4. Re:Good job folks by Anonymous Coward · · Score: 0

      If he's Rusty, then who's this?

    5. Re:Good job folks by Drakonite · · Score: 1
      If someone wanted to apply a mass amount of computing power at a problem, they couldn't do it distributedly because you rely on geeks interested in your cause.

      Or rely on the money to build a nice sized cluster of 4.7 GHz Pentiums or even just a large number of 2 GHz Athlons as a previous poster mentioned.


      Oh no.. I've joined the ranks of those who post links to slashdot articles in the discussions of other slashdot articles...
      Must.. get... dirt... off....

      --
      Shoot Pixels, Not People!
    6. Re:Good job folks by Chundra · · Score: 1

      Let me try to follow your logic. If it was one computer it would presumably be "real computing power". But if thousands of computers were used it would be fake. Hmmm. A distributed architecture that has varying numbers of participants (and thus computing power) at any given time, is not any less "real" than a single dedicated cpu or even a large cluster. Participant interest is completely irrelevant. You might want to take your own advice and "Don't post comments without thinking. It can only lead to trouble."

    7. Re:Good job folks by ethereal · · Score: 1

      How do you know that's not what you were really calculating? Without source to the client, there's no real way to prove that you were looking for evidence of alien transmissions as opposed to, say, cracking Iraqi short-wave signals in near real-time.

      So far, distributed computing has succeeded on the basis of the cover story, not really on the basis of what's actually being computed.

      --

      Your right to not believe: Americans United for Separation of Church and

    8. Re:Good job folks by the+way,+what're+you · · Score: 1
      ...but actually a demonstration of distributed computing power.

      No shit?

      --
      example.org - powered by Linux!
  11. With apologies to Douglas Adams by mh_tang · · Score: 4, Funny

    So tell me, was the answer "42"?

    1. Re:With apologies to Douglas Adams by affenmann · · Score: 5, Informative

      No, it is: "some things are better left unread". This doesn't apply to Douglas Adams, of course.

    2. Re:With apologies to Douglas Adams by KarmaBitch · · Score: 2, Informative
      Almost :-D
      0x63DE7DC154F4D03
      You got a 4....

      I'm sure 42 was tested in one of the 15,769,938,165,961,326,592 keys tried.

      The unknown message is: some things are better left unread
    3. Re:With apologies to Douglas Adams by mraymer · · Score: 1
      Yes it was, but that's base ten. Thus, the hex code for the key is 2A.

      ;)

      Back to reality, it's awesome that they finally found the key. I always had this fear that they'd have to restart the project due to the winning key getting lost somewhere... imagine having to RETEST 2^64th worth of keys!

      And speaking of Douglas Adams, when a dnetc client asks for RC5 work, the keyserver should reply "So long and thanks for all the fish!"

      --

      "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

    4. Re:With apologies to Douglas Adams by Blkdeath · · Score: 1
      And speaking of Douglas Adams, when a dnetc client asks for RC5 work, the keyserver should reply "So long and thanks for all the fish!"
      It can say whatever you want, of course, if you run your own keyserver;
      [misc]
      proxymessage="Tux is your overlord. Suck it."
      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    5. Re:With apologies to Douglas Adams by Anonymous Coward · · Score: 1, Funny

      This doesn't apply to Douglas Adams, of course.

      It does apply to most Slashdot comments, however.

    6. Re:With apologies to Douglas Adams by Jugalator · · Score: 3, Informative

      No, it is: "some things are better left unread".

      Actually, if you read closely, the plaintext output is:

      "The unknown message is: some things are better left unread"

      I admit I didn't get it at first, but if just you read closely... ;-)

      --
      Beware: In C++, your friends can see your privates!
  12. proper slashdot headline by Anonymous Coward · · Score: 0

    "RC5-64 Encryption Worthless, Hax0rz Now 0wn All Your Pr0n"

  13. test by BarryReisweg · · Score: 0

    123

    --
    I'm gay.
  14. Good work by ivanandre · · Score: 1

    But it only shows that the encryption algorithms are intrinsecaly secure...

    1. Re:Good work by Anonymous Coward · · Score: 0

      aha.
      a true geek can surely spell words like 'encryption', and 'algorithms', words that might trouble the general population.

      But, when faced with a common word like 'intrinsically', our geek lapses into phoneticism.

  15. Ten thousand? by ma++i+ude · · Score: 1
    Yes, this is cool, but $10,000? Am I the only one thinking that keeping "hundreds of thousands" of computers on for "over four years" is probably going to cost something? (Yes, even when many of these computers would have been running anyway.)

    But who's doing it for the money anyway...

    --
    You can't shut us down! The Internet is about the free exchange and sale of other people's ideas!
  16. FINALLY. by KFury · · Score: 5, Funny

    Does this mean I can go back to alien hunting now?

    1. Re:FINALLY. by d.valued · · Score: 2

      Don't count out distributed.net completely. They do have other projects, like the Optimal Golomb Ruler project and the various blitz projects which pop up now and then for other encryption technologies.

      And IMHO, alien hunting is a waste of time, since we still don't really have a clue as to how they would communicate. I mean, if they are as advanced as we are, then that means that they would be at least hundreds of lightyears away from us (by consensus opinion) and therefore: their radio sigs would also be hundreds of years old and wouldn't give us enough insight to them anyway. Besides, how do we know which freqs to check? How do we know that they don't allocate spectrum EXACTLY like we do?

      I'm just going to go back to the Mersenne project for now. They have a huge check waiting for the next person to find a Mersenne prime.

      Besides that: There's always RC5-72....

      --
      I used to be someone else. Now I'm someone better.
      Real life is underrated.
    2. Re:FINALLY. by McCart42 · · Score: 5, Informative

      No, you can still work on the optimal golomb ruler project (OGR), which is an interesting distributed project that becomes exponentially more difficult for each added mark. Currently they are working on a 25-mark ruler, and verifying the 24-mark ruler. From the linked page: "OGR's have many applications including sensor placements for X-ray crystallography and radio astronomy. Golomb rulers can also play a significant role in combinatorics, coding theory and communications, and Dr. Golomb was one of the first to analyze them for use in these areas."

      --
      "I may be quite wrong." - Socrates
    3. Re:FINALLY. by Eil · · Score: 2


      Heh. Well, I'm not much for alien hunting, but I'm also getting bored of cracking encryption. Yeah, there's money involved, but I'd like to do something that matters. I've got that United Devices protein folding program running in windows, but that seems to have some kind of commercial slant.

      Anyone want to suggest their favorite distributed project for using up spare CPUs? Bonus points for it being actually useful, non-profit, and multi-platform.

    4. Re:FINALLY. by F34RL3SS+L34D3R · · Score: 0

      You hunt Aliens?
      What do you use for scent?

      RTFS

    5. Re:FINALLY. by HistoryNerd · · Score: 1

      Check out the Distributed Folding Project. The project is run by a non-profit institution and is focussed on medical research. The project has very strong multi-platform support, and actually runs BETTER on Linux in relation to Windows. A summary of the science behind the project can be found here.

    6. Re:FINALLY. by Anonymous Coward · · Score: 0

      Reese's Pieces.

    7. Re:FINALLY. by Anonymous Coward · · Score: 0


      Sure. Try Find-a-Drug. It's a continuation project of the guy who coded THINK for United Devices, and he says it's 5-40 *times* faster than the previous version that UD ran. It's searching for a cure to cancer, but also to other diseases, and it has a lively forum with quite friendly people, many of them have moved from UD, but all the others are welcome too. :)

    8. Re:FINALLY. by pben · · Score: 3, Informative

      Internet-based Distributed Computing Projects has a good list of current projects. I have been waiting for Climate Prediction to start. There have been several stories on it here before. In the meantime I have been giving spare CPU cycles to Distributed Particle Accelerator Design.

    9. Re:FINALLY. by Matt2000 · · Score: 5, Insightful


      Seriously though, can anyone tell me what the attraction to the d.net project was? It seems like a colossal waste of cycles to me. Everyone knew it was going to be successful, it was just a matter of wasting enough time to eventually find the right block.

      Now that it's over, what do we have to show for it? A whole lot of nothing it seems.

      --

    10. Re:FINALLY. by Goonie · · Score: 2
      And IMHO, alien hunting is a waste of time, since we still don't really have a clue as to how they would communicate.

      But we now know quite a bit about the electromagnetic spectrum so we can make some reasonably intelligent guesses.

      I mean, if they are as advanced as we are, then that means that they would be at least hundreds of lightyears away from us (by consensus opinion) and therefore: their radio sigs would also be hundreds of years old and wouldn't give us enough insight to them anyway.

      Wouldn't just "there's something else out there" be a pretty cool first insight?

      Besides, how do we know which freqs to check?

      SETI gear checks *lots* of frequencies at once.

      How do we know that they don't allocate spectrum EXACTLY like we do?

      We don't. We assume that they're likely to be using a narrowband signal (rather than UWB-like techniques), but beyond that we don't assume much.

      --

      Any sufficiently advanced technology is indistinguishable from a rigged demo
      --Andy Finkel (J. Klass?)
    11. Re:FINALLY. by Eil · · Score: 2


      Wow. This post deserves a 5. If I had a room full of machines, I could keep them all busy on different projects. Of course, now to convince the fiancee that I need a room full of machines...

    12. Re:FINALLY. by PhreeZrByte · · Score: 1

      hmm....I joined to attract the opposite sex. I don't know about anyone else... :D

  17. Are they going to share the prize? by Oliver+Wendell+Jones · · Score: 1

    Let's see, 321,000+ participants dividing a check of $10,000, that breaks down to $0.03 per participant... pretty sad when the postage to send your check is more than the check is for.... reminds me of the time a creditor sent me a dun for $0.12, it cost them more in postage (including the pre-paid return mailer) than it gained them...

    --
    A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
    1. Re:Are they going to share the prize? by Anonymous Coward · · Score: 0


      The prize money breaks down as such:

      $8000 to d.net for setting up the network and client

      $2000 to the individual winner or $1000 to the individual and $1000 to the rest of his team, if he was a member of a team.

    2. Re:Are they going to share the prize? by miltimj · · Score: 5, Informative

      Hmmm... as it says here:

      RSA Labs is offering a US$10,000 prize to the group that wins this contest. The distribution of the cash will be as follows:

      $1000 to the winner
      $1000 to the winner's team - this would go to the winner if he wasn't affiliated with a team
      $6000 to a non-profit organization, decided by vote
      $2000 to distributed.net for building the network and supplying the code

      The vote will be decided on through an extension of the statistics engine, with one vote per block per person.


      And to think.. it took a few seconds to find that, and a couple minutes to type your post..

      --
      "Truth is not decided by majority vote" consensus gentium -- Norman Geisler
    3. Re:Are they going to share the prize? by Anonymous Coward · · Score: 0

      and to think you're a fucking loser with no life posting on this faggot website... (trolls excluded of course, we are teh coolest)

    4. Re:Are they going to share the prize? by matguy · · Score: 1

      Was there any word on if he/she was on a team, and if yes, which team?

      --

      matguy(.com)
  18. SETI by southpolesammy · · Score: 1, Redundant

    Now that the RC5-64 algorithm has finally been brute forced, perhaps we can put those now idle computers to work looking for ET? Seems a more worthwhile effort to me...

    --
    Rule #1 -- Politics always trumps technology.
    1. Re:SETI by WetCat · · Score: 1

      ET is a pure curiosity.

  19. All you need is time... by Anonymous Coward · · Score: 0

    Or maybe a really big computer!

    Although it took this group a lot of time to break it, I could see a "wealthier" group putting together resources and doing it faster...

  20. What now? by KarmaBitch · · Score: 1

    So RC5-64 is insecure?

    Damn... I guess I'm gonna just have to start hashing my data to keep it secure. :-)

    1. Re:What now? by Anonymous Coward · · Score: 0

      That wasn't very funny. Try harder next time.

    2. Re:What now? by jlcooke · · Score: 1

      Hashing your data? Not with MD5 which will possibly be the next d.net project.

      http://www.certainkey.com/dnet/

      JLC

  21. So I Take It 128-bit SSL Is Safe Then... by nherc · · Score: 1
    for my online transactions for the near future seeing that 64-bit took 4 years to crack.

    Too bad there are 99% easier ways to compromise "secure" online transaction systems, not to mention ways of compromising the servers that run these systems.

    Just see A Guide to Building Secure Web Applications.

    --
    'He was a dreamer, a thinker, a speculative philosopher... or, as his wife would have it, an idiot.' - Douglas Adams
  22. Re:Heh ?? by veddermatic · · Score: 3, Informative

    I'd say not.. in several years time, the average laptop / home PC will be able to crank out the work that the distributed project did in a week or so... meaning in a few years, an individual will be able to decrypt RC5-64 data in a realistic timeframe for (mis)use.

    That's the point.... is RC5-64 (effectively) safe today? It sure the heck is.. this project proved that! Will it be safe in 5 years? Heck no, and that was the point.

    --
    Department of Homeland Security: Removing the rights real patriots fought and died for since 2001
  23. Congratulations by Dirtside · · Score: 5, Insightful

    While this is an admirable achievement, I found another distributed computing project which I think is more worthwhile -- namely, Folding @Home, which is a distributed protein-folding simulation effort. This is the kind of research that will end up curing things like Alzheimer's, and I think it's a better use of your processing time than brute-forcing encryption keys (or even SETI, or Primenet). I encourage everyone to participate in F@H instead, as I think it will provide a greater benefit to us all in the long run.

    Of course, some on /. may need to be reminded that they are indeed free to run whatever distributed computing software they feel like; I am merely requesting that they run this one.

    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
    1. Re:Congratulations by eddy · · Score: 3, Informative

      Yes, and don't forget genome@home. You might consider joining the Wicked Old Atheists even :-)

      --
      Belief is the currency of delusion.
    2. Re:Congratulations by gtaluvit · · Score: 1

      But folding@home doesn't make you money, while these things do. :) Money makes the world go round.

      --
      - gtaluvit (prnc. GOT-tuh-LUV-it)
    3. Re:Congratulations by Timmeh · · Score: 2
      Don't forget that in _Engines of Creation_, K. Eric Drexler devotes a whole chapter (I think, it's been awhile) to protein folding and how it may lead to the first 'nano-machines' in a sense. If we know how certain proteins fold perhaps we can get them to fold in just the right way to make the first crude nano-assembler. Although the book *was* written quite a bit ago (1987 I believe), so I'm not sure if the nanotech community still looks to protein folding as a possible method for building assemblers.

      And yes, I run a F@H client on my box damn near 24/7. I like how it's very conservative with its use of resources when I run other apps. I can play Counter-Strike or UT2K2 and not even have to terminate it.

    4. Re:Congratulations by Dirtside · · Score: 2

      I would think it more accurate to say that "these things" can make you money, should you or your team happen to be the one that finds the key/finds a prime/finds extraterrestrial intelligence. The chance is minuscule in any case. I also hope that the /. readership would be more inclined toward the rightness of the thing, rather than worrying about potential monetary rewards.

      --
      "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
    5. Re:Congratulations by McCart42 · · Score: 1

      You'd be better off playing the lottery, statistically. I know it was supposed to be funny, but thought I had to point that out.

      --
      "I may be quite wrong." - Socrates
    6. Re:Congratulations by digitalsushi · · Score: 1

      cool stuff, i think this is a good cause. i've set it up on three machines, and at least another three tonight when i get home from work! i like this kind of thing- they get something that will possibly benefit me when i'm old, and in return i get an excellent representation of how fast my machines are!

      --
      slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    7. Re:Congratulations by Anonymous Coward · · Score: 1, Funny

      dude get with the times, @Home folded like a year ago.

    8. Re:Congratulations by numpins · · Score: 2, Insightful

      Improving the quality of these clients would also help their acceptance. I use d.net on an iMac because it can pause itself when certain tasks are running (Warcraft III, Giants) and is smart enough to not waste my iBook's battery when I unplug it.

    9. Re:Congratulations by the_fineline · · Score: 1

      I agree. I'm *so* glad rc5-64 is over. Calculated for years now. Shut down rc5 and start folding: , best choice!

    10. Re:Congratulations by Anonymous Coward · · Score: 0

      True that'

      I hope to ...... that someone will finish those projects on how proteins are built soon, these days research data like this is owned only by big medicine companies... end result: expensive med.

    11. Re:Congratulations by quintessent · · Score: 2

      And don't forget UD's Cancer research.

    12. Re:Congratulations by Dirtside · · Score: 2

      Every distributed client I've ever seen runs itself by default at the lowest possible priority, so as not to take resources away from games or other user-responsive applications. This is a nonissue in general, and F@H itself does run at lowest priority, so it's a nonissue for F@H also. (I've played numerous games with F@H running in the background, and there's been no noticeable effect by the client.)

      The disable-when-on-battery-power idea is nice, and I certainly think it would help, but I don't know if the catch-all "quality" is the best term to use. Maybe "laptop-friendliness" would be more precise.

      --
      "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
  24. Message from God by QEDog · · Score: 1

    Maybe if we were using that power to analyze Pi in base 11 we would find the hidden message before the end of the world.

    --
    "There is no teacher but the enemy."-Mazer Rackham
    1. Re:Message from God by Anonymous Coward · · Score: 0
  25. eh... by xanadu-xtroot.com · · Score: 1

    Big deal, to be honest. Where's those googly eyed, green guys when we need them?

    --
    I'm not a prophet or a stone-age man,
    I'm just a mortal with potential of a super man.
    1. Re:eh... by Anonymous Coward · · Score: 0

      Dumbass...

      Do you mean THESE GUYS?!?!?!?!?

  26. Uh by Anonymous Coward · · Score: 0

    Yeah, all those Hax0rz need is 350,000 computers, a worldwide network to link them and five years, and they can have all the porn!

    1. Re:Uh by BlueArchon · · Score: 1

      That's called an IRC channel...

  27. Missing the point... by back_pages · · Score: 0

    Many people seem to think that this proves that the security is now insecure, or that the 300,000+ volunteers and 4 years of work means that this is an impractical security breach and the award is meaningless. The boat left you standing on the dock.

    As it says in the PR, the scientific achievement here is that the security has now been quantified. The security challenge isn't just "super tough" to crack, or "practically impossible", but required exactly X bajillion processor cycles to crack. It's like the difference between "water freezes when it gets really cold," and "water freezes at 0 Celsius." That knowledge doesn't make your ice box less useful, but you do know how to configure the thing to make ice cubes.

    The real question on my mind is whether or not that $10,000 prize will be distributed among the 300,000+ distributed volunteers. Prize money indeed...

    1. Re:Missing the point... by Ionized · · Score: 1

      you, sir, are the one to completely miss the point. on multiple counts, actually.

      Many people seem to think that this proves that the security is now insecure, or that the 300,000+ volunteers and 4 years of work means that this is an impractical security breach and the award is meaningless. The boat left you standing on the dock.

      well, yes, basically it DOES prove its insecure, for the purposes of data that will continue to remain critical and proprietary for long periods of time. if you have trade secrets that would be valuable to your competitors even 6 years from now, RC5-64 just isn't good enough - they could crack it by then.

      The security challenge isn't just "super tough" to crack, or "practically impossible", but required exactly X bajillion processor cycles to crack. It's like the difference between "water freezes when it gets really cold," and "water freezes at 0 Celsius."

      so if someone else tried to brute force RC5-65, they would guess wrong the exact same number of times that distributed.net did before guessing correctly? do you even realize how brute force works?

      The real question on my mind is whether or not that $10,000 prize will be distributed among the 300,000+ distributed volunteers.

      even a cursory glance at the distributed.net website would explain exactly how the cash is split.

    2. Re:Missing the point... by back_pages · · Score: 1
      Yes, I did write an unclear paragraph. Gold star for pointing that out.

      It took 4 years and 300,000 processors to exhaust the majority of the name space and get lucky enough to find the correct key. That has been demonstrated, that is the accomplishment.

      RC5-64 has been proven "insecure"? Hardly. Without even moving to RC5-65 as you have suggested, the very same message can be recoded with a new, randomly generated 64 byte key, encoded with a different number of passes than the previous run, or with a different word size, and the key space will be just as large as for this contest. It only took ~$15,000,000 in hardware, 4 years of electricity, 4 years of maintenance, and four trips around the sun to crack this message of about 50 characters. Gosh, what's to stop anybody from doing it whenever they want to?

      It's not just "really hard". It's this hard. Water freezes at 0 Celsius, not "when it gets cold enough". It's a stake in the ground, an achievement, and a demonstration (rather than a theoretical limit) that it is not feasible to attack RC5-64 encryption with any regularity, convenience, or economy.

      And that comment about distributing the prize money? I encoded that with "rhetorical musing". I am and was well aware of how the money will actually be split, which did not impede my ability to use a little satire to illustrate that a 300,000 processor distributed network is hardly a reasonable way to attack RC5, but thanks for your input anyway.

      And just for fun, I was motivated to peruse the contents of this report, mainly for the material that appears on page 39 and the summaries of RC5's results when faced with other attacks.

    3. Re:Missing the point... by Ionized · · Score: 1

      RC5-64 has been proven "insecure"? Hardly

      please re-read my original post. i didn't say that it was insecure, i said that it was insecure, "for the purposes of data that will continue to remain critical and proprietary for long periods of time." and there's no denying that, especially when one takes moore's (pseudo)law into effect. what took 4 years when started in 1998, might only take 2 years when started in 2002. and so on.

      or, to put it another way - you're head IT director of random multibillion dollar international corporation. you have several documents that, if they were to fall into the hands of your leading competitor, could cost you billions of dollars of revenue over the next 5 or ten years. said competitor has been known in the past to engage heavily in corporate espionage, and could theoretically gain access to the encrypted documents. would you feel safe with RC5-64?

    4. Re:Missing the point... by back_pages · · Score: 1

      Good point, thanks for the correction.

  28. I went through... by LinuxGeek · · Score: 2

    ...several computers during this 64bit phase of RSA cracking. Started with a K6-233, then K62-450, dual Celeron 450, Duron 800, Athlon 1GHz, Athlon 1.4GHz and now AthlonXP 1700+ @ 2000+. I wonder what we will be running when (if?) RC5-72 is cracked.

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:I went through... by OrangeSpyderMan · · Score: 3, Funny

      Wow, this stuff blew all those machines and you still want to do it? :-)

      --
      Try NetBSD... safe,straightforward,useful.
  29. well, by eastbam · · Score: 1

    with the new Intel 4.7-GHz chip you too can do this but in less than 10 minutes!

    1. Re:well, by Anonymous Coward · · Score: 0

      No, you can't, that would take much much longer

      Are you trying to troll slash?

  30. why not by Alejo · · Score: 1
    Sure... but why not something more certain to help humankind as the projects listed here.

    It's not as fancy as looking for Darth Vader, but I'm sure most of you had somebody close with cancer, alzheimer, diabetes, etc.

    1. Re:why not by gimpboy · · Score: 2
      while i like the concept behind the projects you linked to i have a couple questions:
      • if this distributed effort results in a good anticancer agent, does the company then patent it and sell it back to the public? the faq doesn't really address this: http://members.ud.com/projects/cancer/faq_chem.htm

      • does a linux client exist? the download page doesn't seem to suggest there is a linux client:
        http://members.ud.com/download/gold/


      i would be happy to turn our computers loose on a problem which will result in something everyone can benefit from, but i'm not willing to install vmware to run it.
      --
      -- john
    2. Re:why not by athakur999 · · Score: 2
      This page has this statement:

      In United Devices Public Good Projects, rights to the research results remain with non-profit or government organizations that are dedicated to disease-fighting research.


      Not sure exactly what that entails but it seems like the results will be freely available if you fall into one of those camps.
      --
      "People that quote themselves in their signatures bother me" - athakur999
    3. Re:why not by Alejo · · Score: 1
      go read DN and see they have partnership with United Devices.

      sure, it is not clear about patents and stuff... hmm. but if DN can trust them, i sure can.

  31. What a waste of resources by Anonymous Coward · · Score: 0

    20 years from now, when I have newly-minted-by-global-warming underwater property in Boston, I'll come after every Slashdot geek I can find with a shotgun. How irresponsible.

  32. kinda funny by FunkyELF · · Score: 1

    It's kinda funny how one thing takes all that time using all those computers to crack, but 5 days after a new program comes out http://astalavista.box.sk has a crack or a keygenerator for it.

  33. How many megawatts? by Anonymous Coward · · Score: 0

    I'd like to know how much electricity was used, or how many tons of fossil fuel was consumed to produce this result. Any reasonable guesses?

  34. D-net's site..... by KarmaBitch · · Score: 1

    For the first time you can actually watch the owner of a website watch his server crash and burn via a webcam :-)

    http://members.slacker.com/~nugget/camb.php

    Found via : Distributed Webcams

    1. Re:D-net's site..... by Nugget · · Score: 2

      Now I'm glad I shaved today and wore a (relatively) nice shirt.

    2. Re:D-net's site..... by operagost · · Score: 1

      I noticed the preview shows you're not at your desk. Probably rebooting the slashdotted server, eh?

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  35. If you have enough time... by netphilter · · Score: 1

    ...you can crack any algorithm. Encryption algorithms are always going to be time-sensitive. You can brute force anything...it's just a matter of whether or not you can do it in a realistic amount of time. Taking the rate at which technology changes and becomes faster, I don't think that we should ever realistically expect an algorithm to last more than a few years.

    --
    "Herbivores eat well cause their food never, ever runs."
  36. 5 Years! by evil-barn · · Score: 1

    Well it's obvious they should have started at the other end and worked backwards. It being 2/3 of the way through the keyspace, they would have got it much quicker! I mean duh!

  37. the omen by Anonymous Coward · · Score: 0

    When the Jews return to Zion
    And a comet fills the sky
    And the Holy Roman Empire rises,
    Then you and I must die.

    From the eternal sea he rises,
    Creating armies on either shore,
    Turning man against his brother
    'Til man exists no more.

    -- The Omen

    1. Re:the omen by Dehumanizer · · Score: 1

      Great Iced Earth song, too. :)

      --
      The Tlog - a technology blog
  38. I think many posters here are missing the point by watanabe · · Score: 5, Insightful
    I think many posters here are missing the point of this. RSA wants people to crack these weaker crypto offerings; it makes their story better, not worse.
    • They know exactly how insecure RC5-64 is. They want other IT groups, industry groups and tech managers to know it. The easiest way to do that is to offer open challenges with cash prizes. It's never hard for RSA to up their bit-length to 4096, say, a year before 2048 RSA is broken, and someone collects their $200,000. It is hard to make PHBs understand that RC5-64 is not secure if nobody has broken it.
    Secondly, Distributed.net clearly isn't doing it for the cash. I didn't do it for the cash, either. (Although I wouldn't have minded winning.) They're doing it because:
    • Breaking codes gives nerds their kicks.
    • Building a distributed computing architecture is a difficult and interesting problem.
    With current technology, as RSA likes to demonstrate, the winners are the cryptographers, not the cryptologists (the code breakers.) Quantum computing may change that, and make the cryptologists the winners. Until then, RSA can happily give cash prizes for increasing length keys: the numbers are on their side.
    1. Re:I think many posters here are missing the point by AxelTorvalds · · Score: 1
      They know exactly how insecure RC5-64 is.

      I don't think they do. distributed.net brute forced it. If that's the measure of strength then why go through the exercise of distributed.net? You can do some simple math in a few minutes and calculate "how strong" the cipher is.

      If anything, distributed.net undermines the cash prizes. Instead of cryptographers putting effort in to cryptanalyzing RC5 for a cash prize a bunch of people with spare cycles (gamers, script kiddies, etc) did what everybody knew was possible; throw enough cycles at it and you can brute force it. As far as I know, nobody has broken RC5-64, just like nobody has ever broken DES; brute force? Yeah, you need bigger key spaces than 56 or 64bits but broken it? Not quite.

      There still isn't a method to arbitrarily decrypt RC5 encrypted messages or a way that is quicker than brute force to break them and I'm betting fewer people are even looking at it now because the cash incentive is gone.

    2. Re:I think many posters here are missing the point by Nugget · · Score: 2

      This isn't strictly true. I think a strong case can be made that public challenges like this are very effective in driving the development of innovative or simply incrementally more efficient approaches to an algorithm's implementation.

      Although CPU speeds are significantly faster now than when they were in 1997 when RSA announced the secret key challenges we've also gotten a lot better at optimizing rc5 in software.

      Innovations like Kwan's bitsliced/sbox approach to DES are revolutionary and driven in part by the motivation created by public challenges such as the RSA Labs' contests.

      I don't accept your statement that the existence of or participation in these public projects in any way reduces the chances that someone will discover a weakness in the underlying algorithm. If anything, it's more likely since optimized implementations of an algorithm such as we see in dnetc generate more interest and consequently more people becoming familiar with the mathematics.

  39. How crazy is this? by WalterGR · · Score: 5, Funny

    From the press release - "a coordinated team of computer programmers and enthusiasts, known as distributed.net, has solved the RC5-64 Secret-Key Challenge."

    If you remove a single element - the $10,000 award offered by RSA - then the press release would read more like,

    "A group of degenerate hackers [sic] cracked an encryption method owned by RSA Security Inc. The company has contacted law enforcement authorities, and an attempt to track down these hackers [sic] is currently under way. Under the DMCA, these criminals, when caught, face sentences of up to..."

  40. The amazing spin doctor by Anonymous Coward · · Score: 0
    "yes, it took 350,000 people three years to break RC5... so RC5 is incredibly insecure".

    Give me a break, we knew this is what d.net would say when RC5 was broken regardless of how much time it took. I think they've just proved the point that RC5 is pretty damned good.

  41. Holy Cow !@#$ by Anonymous Coward · · Score: 0

    It was me -- I won!

  42. I'm really disappointed! by dex22 · · Score: 1

    I was hoping they would get to 100% and still not find the key!

    Now, I get to miss out on all that head scratching. :o(

    Ok, so who wants to work out the electricity consumed per block, and calculate the COST of cracking RC5? Remember that as RC5 just uses idle cycles, all the used energy was energy that could have been saved by turning the computers off!

    *laffs*

    What's next?

  43. Hope you don't live in the US by Nailer · · Score: 2

    As you've just dispensed information which could be used to circumvent a digital media protection device.

  44. Not really. by pclminion · · Score: 2
    There are unbreakable cryptosystems. The one-time pad is unbreakable.

    I'm too tired to explain why, I'm sure someone else will pick up the buck on this one.

    1. Re:Not really. by bryguy5 · · Score: 1

      Arrgghhhhh.....

      You're exactly right about being unbreakable. But unfortunately people just don't care. I worked for a start-up that had a commercial One-Time PAD encryption solution that was quite workable for basic email.

      Everyone is still sending their email around in cleartext because ANY crypto system is too complicated to futz with day-to-day. OTP while more secure has more complicated key distribution issues than other systems.

      More legal cases and hacker attempts may change people's opinions but right now PHB doesn't want to spend the money.

      So we have the hobbyists who have annoying PGP sigs attached and everyone else waiting for someone to do all the work for them and make it free.

    2. Re:Not really. by Anonymous Coward · · Score: 0

      There are unbreakable cryptosystems. The one-time pad is unbreakable.

      In principle you are right... but if someone (e.g. a Russian embassy official) uses a one-time pad to send more than one message (e.g. because they didn't have enough pads due to supply problems) then things become less straightforward...

      I'm not sure of the full details - I did a quick google search but didn't find anything - I think the British intelligence service obtained the plain text of one message and were able to decode others they had intercepted and stored.

      Of course these one-time pads had become more-than-one-time pads but it's a good example of how there are other factors to consider apart from the mathematical analysis of a cipher.

    3. Re:Not really. by Richard_at_work · · Score: 2

      The British Intelligence, in league with the NSA and the Australian Intelligence services, managed to do exactly what u say. Basically in the 1950s -> 1970s the Soviets ran short of cypher material so they reissued Pads, not just once, but many times.
      Basically what the hunt then entailed was traffic capturing, and then using early computers to trawl this traffic looking for matches in the coded groups, which isn't such a hard task, as certain groups (such as SPELL and ENDSPELL) come up a lot more often than others, and a pre encoding dictionary is finite in size.
      When matches came up between two messages, you had something in common between the messages which could be used to attack the other groups in the messages.
      Basically the stats for all this make poor reading, something like 30% of traffic was "broken" into, which sounds good until u realise that "broken into" can actually mean that a single group or word was uncovered in the message, still making the message unreadable.

      If you want to read more, read Spy Catcher.
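
The pad-reuse failure described in this sub-thread, as an added example that is not part of any comment above: two ciphertexts under one pad XOR to the XOR of their plaintexts, so knowing one plaintext yields the other. The messages, function names and the `PadBook` guard (which refuses to encrypt rather than reuse pad bytes) are assumptions made for the illustration.

```python
import secrets


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """Textbook one-time pad: XOR the message with an equally long pad prefix."""
    if len(pad) < len(message):
        raise ValueError("pad is shorter than the message")
    return xor_bytes(pad[:len(message)], message)


def recover_from_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why reuse is fatal: c1 ^ c2 == p1 ^ p2, so the pad drops out entirely
    and one known plaintext reveals the other without ever learning the pad."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


class PadBook:
    """Hands out every pad byte at most once. When material runs short it
    raises instead of wrapping around, which is the safe failure mode."""

    def __init__(self, material: bytes):
        self._material = bytes(material)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._material) - self._offset

    def encrypt(self, message: bytes) -> bytes:
        if len(message) > self.remaining():
            raise PadExhausted(
                f"need {len(message)} pad bytes, only {self.remaining()} unused"
            )
        start = self._offset
        self._offset += len(message)
        return xor_bytes(self._material[start:self._offset], message)


# Constructed sample messages (not historical traffic).
MSG_1 = b"SUPPLY CONVOY LEAVES AT DAWN"
MSG_2 = b"AGENT MEETS COURIER AT NOON."


def demo() -> dict:
    # Weak practice: the same pad is issued for two messages.
    reused_pad = secrets.token_bytes(len(MSG_1))
    c1 = otp_encrypt(reused_pad, MSG_1)
    c2 = otp_encrypt(reused_pad, MSG_2)
    leaked = recover_from_reuse(c1, c2, MSG_1)

    # Corrected practice: pad material is consumed, never rewound.
    book = PadBook(secrets.token_bytes(len(MSG_1) + 10))
    book.encrypt(MSG_1)
    try:
        book.encrypt(MSG_2)
        refused = False
    except PadExhausted:
        refused = True

    return {
        "pad_cancels": xor_bytes(c1, c2) == xor_bytes(MSG_1, MSG_2),
        "leaked": leaked,
        "refused": refused,
        "left": book.remaining(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```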

  45. Congratulations, you've been duped by RSA by truth_revealed · · Score: 1

    into doing very expensive PR for them.
    This is exactly the sort of result they had hoped for - even their low-grade keys need a world-wide network of computers and months to crack, their marketing department will report.
    The $10K prize is a joke compared to the cost/time of the compute power involved.
    Surely we can put our spare cycles to better use to society than this?

  46. Just got OpenSSH Protocol 2 RSA working... by snatchitup · · Score: 1, Redundant

    I'm using putty (development version) to connect from a Win box to a linux box.

    I'm glad I'm using 1024bit encryption. They've worked so hard to do 64 bit. But each additional bit is a redoubling in the amount of computing power it's going to take to decrypt my packets. Good luck!

    I've only got port 22 port forwarded from my router.

    You just ain't getting in!

    1. Re:Just got OpenSSH Protocol 2 RSA working... by Anonymous Coward · · Score: 0

      It's always a pleasure to see a true slashdotter speaking about cryptography... Public key (in this case 1024bit RSA) and symmetric key (64 bit RC5) lengths just don't compare. For a secure symmetric algorithm increasing key length by 1 bit doubles the effort needed to break it. RSA is another story. You actually need something like a 15kbits RSA key to have the security of a 256bit symmetric key system. Factoring is not O(2^n)!

      ps. comparing public key and symmetric key crypto (like I just did) is meaningless. They are two different things that solve two different problems. Apples and oranges really.

    2. Re:Just got OpenSSH Protocol 2 RSA working... by Anonymous Coward · · Score: 0

      This is comparing apples and oranges. PKI uses long keys because it has to, 64 bit RSA would be no challenge at all. Besides, nobody really uses RSA for anything but key exchange, it's way too slow. Once the two endpoints agree on a key they switch to some symmetric algorithm, such as 3DES or RC5.

    3. Re:Just got OpenSSH Protocol 2 RSA working... by vadim_t · · Score: 1

      That's not exactly right. My knowledge of math isn't great, so somebody correct me if I'm wrong, but 1024 public key encryption can't be compared to 1024bit symmetric encryption. In public key crypto there are lots of holes in the key space. 384 bit public key crypto has already been cracked and 768 bit is probably not very secure.

    4. Re:Just got OpenSSH Protocol 2 RSA working... by Rich0 · · Score: 1
      Keep in mind that 1024bit RSA is not equivalent to 1024 bit RC5. They are two different mathematical problems - RSA is vulnerable to factoring, while RC5 is not. If your only goal was to encrypt a data stream I'd use RC5 - the advantage of RSA is that you don't need a secure channel to exchange keys.

      As a matter of fact - your SSH connection is probably using another symmetric algorithm for communication - RSA is only used to authenticate.

    5. Re:Just got OpenSSH Protocol 2 RSA working... by snatchitup · · Score: 1

      I stand corrected. Thank you all very much.

      I guess it helps that I used a very long passphrase on my private key??????

      Still, you ain't gonna hack my box!!!!????!!!????

      Maybe I better just try security through obscurity???

    6. Re:Just got OpenSSH Protocol 2 RSA working... by PinkHeadedBug · · Score: 1

      I'm glad I'm using 1024bit encryption. They've worked so hard to do 64 bit. But each additional bit is a redoubling in the amount of computing power it's going to take to decrypt my packets. Good luck!

      This is a good joke, but misleading to readers that might not know better.

      For their sake: SSH uses both public key and private key (or symmetric) cryptography. Public key crypto uses keys with thousands of bits; private key crypto uses keys with hundreds of bits (older algorithms like DES used only 56). RSA, DSA, and so on are examples of public key crypto. RC5, Blowfish, and such are examples of private key crypto.

      Their key lengths aren't comparable at all. Whether or not RC5 is "secure" at 64 bits has absolutely nothing to do with using 1024 bits in authentication and session key negotiation.
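The point the replies above make about RSA and symmetric key lengths, as an added example that is not part of the original thread: it evaluates the standard heuristic cost of the general number field sieve and expresses it in bits, so it can be set beside the 2^k cost of exhausting a k-bit symmetric key. The function names are made up here, and the o(1) term of the formula is dropped, so the figures are rough and run somewhat higher than published equivalence tables.

```python
import math

GNFS_CONSTANT = (64 / 9) ** (1 / 3)


def gnfs_bits(modulus_bits):
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of this size.

    This is the heuristic running time of the general number field sieve
    with its o(1) term dropped, so treat the result as an estimate only.
    """
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_CONSTANT * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def modulus_bits_for(target_bits, lo=512, hi=65536):
    """Smallest modulus size whose estimate reaches target_bits (bisection)."""
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if gnfs_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid
    return hi


def comparison_rows(sizes=(512, 1024, 2048, 3072, 15360)):
    """(RSA modulus bits, estimated factoring work in bits) per size."""
    return [(n, round(gnfs_bits(n), 1)) for n in sizes]


if __name__ == "__main__":
    for n, bits in comparison_rows():
        print(f"RSA-{n:<6} ~ 2^{bits} operations to factor")
    # A symmetric key gains one bit of work per key bit; an RSA modulus
    # gains only a small fraction of a bit per modulus bit.
    print("extra work from 1024 -> 1025 modulus bits:",
          round(gnfs_bits(1025) - gnfs_bits(1024), 3), "bits")
    print("modulus size estimated for 2^256 work:", modulus_bits_for(256))
```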

  47. Sad news ... Stephen King dead at 55 by Anonymous Coward · · Score: 0

    I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.

  48. Distributed.net no longer in the public eye by HoserHead · · Score: 5, Insightful
    It's sad, really, that so much focus has moved off Distributed.net to SETI@Home and the other distributed computing projects when Distributed.net was one of the real pioneers of this style of computing (that is, harnessing regular people's CPU time).

    In one of my CS classes, we were discussing distributed computing, and a question of any well-known distributed computing projects was asked. I answered "Distributed.net" - and the instructor promptly asked "What's that?" The next student to respond, of course, said SETI: the answer he was looking for.

    Maybe I'm biased, as the former maintainer of distributed-net for Debian, but has Distributed.net really become this unimportant and forgotten?

    1. Re:Distributed.net no longer in the public eye by T3kno · · Score: 2

      Not for me, there is no bigger waste of CPU cycles than SETI. Any computer I ever find running SETI@home gets a severe beating and a quick download of D.net. If you want to burn those unused cycles do it on something that matters.

      --
      (B) + (D) + (B) + (D) = (K) + (&)
    2. Re:Distributed.net no longer in the public eye by zbuffered · · Score: 1

      Maybe I'm biased, as the former maintainer of distributed-net for Debian, but has Distributed.net really become this unimportant and forgotten?

      Only among people who don't know about the history of computing, about its roots. Your instructor probably hasn't spent hours on IRC helping people get their sound card to work, or downloading .mod files from BBS'es in the early 90's before The Internet came to town. He probably got on the bandwagon late, like many of the "computer people" you run across. No background in the field, they just got into it when it got big, and tried to make a fast buck. Fortunately, people like this will probably try and jump ship once the Next Big Thing comes around, and maybe computers will be left to computer people again.

      Sorry for ranting.

      --
      Synergy is your friend
    3. Re:Distributed.net no longer in the public eye by Insanity · · Score: 1

      There are two reasons why dnet has largely faded into obscurity relative to other distributed computing projects. The first is that encryption is just not as sexy as a hopeless search for alien life.*

      *[Yes, it's hopeless. Alien life is out there, but what are the chances that they're actively transmitting a coherent signal with the specific intent of communication, on a frequency that SETI is monitoring, and this signal is strong enough to be detectable, and is modulated in such a way that we can make sense of it, and is hitting the earth RIGHT NOW? The latter point is the most important: there is probably a narrow range of time between when a civilization learns to transmit radio waves and when it destroys itself. On the unfathomable time scales that the universe deals with, what are the odds that their transmission and our reception coincide? SETI is a waste of manpower, processor cycles, and scarce radiotelescope time.]

      Back on topic, the second reason is a horrible mismanagement of dnet. Look at the frequency of .plan updates. Look at the features in the stats engine that have been "in progress" for years, and were ultimately not completed before RC5-64. Look at the complete lack of an OGR-24 result, despite the fact that the first run was completed years ago, with ample time for a second run since then. Whatever they needed to do to process those results, two years should have been enough time. Emails to people who claim to be working on the OGR project have simply been unanswered.

      Dnet comes across as an organization that really lacks any leadership. It seems its founders have long since lost interest in doing anything but routine maintenance. I've been with RC5-64 for a long time, but now that it's over, I see no reason to continue running the dnet client with OGR.

      Hell, they had the winning key in July, and it took them over two months to find out. The fact that a project this long in development and active use failed to immediately return a result, as it was designed to do, is pathetic.

      It's getting very hard to take dnet seriously.

      --
      Nix absolutably seriousness.
    4. Re:Distributed.net no longer in the public eye by Zathrus · · Score: 2

      If you want to burn those unused cycles do it on something that matters

      And brute forced cracking of an encryption algorithm, which everyone who cares knows is possible anyway, matters?

      No thanks... I'd rather have my spare cycles go to something that will help cure cancer, Alzheimer's, or the like. (Yes, I know, d.net has "partnered" with UD on the cancer bit, but it's not a d.net project).

      Frankly, I'd give the edge to SETI@home over d.net's projects. But that's just me. I do think that there's alien life out there, but I doubt it's trying to communicate in a fashion that we'll be able to find with SETI@home.

    5. Re:Distributed.net no longer in the public eye by sirinek · · Score: 2

      I quit participating, after in early 1999 they took their stats offline and it took them well over 2 months to get it back online, depriving me of seeing how well I did each day compared to the rest of my team. I had 160 sun workstations cranking out keys nightly from 0000-0600 but there was no more excitement for me anymore without the stats.

      SETI is a waste of cycles, and dnet isn't getting my cycles anymore. Is anything else available for linux? It seems a lot of those clients for cancer, genome, etc are windows/mac-only.

      siri

    6. Re:Distributed.net no longer in the public eye by Badger · · Score: 1

      Folding@Home does have a Linus client. There's a URL elsewhere in this discussion to it.

    7. Re:Distributed.net no longer in the public eye by Weird+Dave · · Score: 1

      Folding at home has a command line linux client.

      --

      Grumble, Grumble
    8. Re:Distributed.net no longer in the public eye by Amazing+Quantum+Man · · Score: 2

      Folding@Home does have a Linus client

      So they gave Linus a book on origami and some paper? How does he find time to work on the kernel when he's folding at home?

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
    9. Re:Distributed.net no longer in the public eye by Anonymous Coward · · Score: 0

      Look to
      http://www.aspenleaf.com/distributed/
      I would recommend http://www.nd.edu/~cmonico/eccp109/
      (encryption cracking-small stable client)

      and
      http://www.distributedfolding.org/
      (protein folding)

    10. Re:Distributed.net no longer in the public eye by jlcooke · · Score: 2, Interesting

      It's been forgotten because they attacked something of little relevance.

      RC5? Who uses that? Really. The DES challenges were at least interesting because you could go to work the next day and say "hey! d.net checked this algo, don't use it!"

      So I say d.net needs to move back to attacking an algorithm people use everyday. Don't think they could do it?

      Cracking MD5 wide open can be done in 2 years using the same number of people as the RC5-64 project. And you'll get millions of cracks in the algorithm and not just one.

      We'll see what nugget says...

    11. Re:Distributed.net no longer in the public eye by Anonymous Coward · · Score: 0

      Re: your sig, I am still waiting to hear one good reason to run Netscape 7 instead of Mozilla! :-)

      Personally, I use Mozilla. However, how about the fact that if you use Netscape, you will be supporting the main company that is supporting the Mozilla project? OK, yeah, it's the same company that supports AOL, which might turn you off, but it would still be a valid reason to use Netscape.

    12. Re:Distributed.net no longer in the public eye by arkane1234 · · Score: 1

      You're more than welcome to try...

      I invite you... do try :) You'll go down quicker than a Windows 95 box during a winnuke attack.

      --
      -- This space for lease, low setup fee, inquire within!
    13. Re:Distributed.net no longer in the public eye by Cybrr · · Score: 1

      OGR matters.

      --
      Why did GEAR crush RDP?
  49. i cant even pronounce this number by NO_NYT_POSTS · · Score: 1

    Over the course of the RC5-64 project, 331,252 individuals participated. We tested 15,769,938,165,961,326,592 keys.

    anyone help out?

    1. Re:i cant even pronounce this number by Anonymous Coward · · Score: 0

      15 quintillion 769 quadrillion 938 trillion 165 billion 961 million 326 thousand 5 hundred and 92.

      (US numbering)

    2. Re:i cant even pronounce this number by Krach42 · · Score: 2, Informative

      fifteen quintillion seven hundred sixty-nine quadrillion nine hundred thirty-eight trillion one hundred sixty-five billion nine hundred sixty-one million three hundred twenty-six thousand five hundred ninety-two.

      In American English of course. I recall something about the British having "Millard" between million and thousand.

      --

      I am unamerican, and proud of it!
    3. Re:i cant even pronounce this number by Anonymous Coward · · Score: 0

      Easy: 1.5769938165961326592 * 10^19 keys.

      Or: 15.769938165961326592 exa-keys.

      (SI prefixes going up (ding ding): kilo, mega, giga, tera, peta, exa.)

    4. Re:i cant even pronounce this number by Anonymous Coward · · Score: 0

      In American English of course. I recall something about the British having "Millard" between million and thousand.

      This is, of course, BOLLOCKS

    5. Re:i cant even pronounce this number by psavo · · Score: 1

      In American English of course. I recall something about the British having "Millard" between million and thousand.

      Milliard is 1k * 1M. Only US uses 'billion' there.

      --
      fucktard is a tenderhearted description
    6. Re:i cant even pronounce this number by Anonymous Coward · · Score: 0

      It's pronounced, "many."

    7. Re:i cant even pronounce this number by JUSTONEMORELATTE · · Score: 2

      Millard? Puuleeez!
      But there is a differing on the use of trillion
      Trillion:
      1. The cardinal number equal to 10^12.
      2. Chiefly British. The cardinal number equal to 10^18.

  50. Megahertz Myth???!!! by Anonymous Coward · · Score: 0
    Finally proof of the Megahertz myth:

    Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines or (to use some rc5-56 numbers) nearly a half million Pentium Pro 200s.
    1. Re:Megahertz Myth???!!! by Anonymous Coward · · Score: 0

      Wrong. Proof that people will go to any lengths to prove something that is not true.

      An optimised RC5 client against a non-optimized one? Come on...

      Course what will poor apple ever do when they upgrade to the G5 which HAS NO ALTIVEC IN IT? Then even little lies like this can't be faked.

  51. hmm... wonder if I hit the key by zaren · · Score: 2

    Well, at least my G3 and G4 at home will get to spin down at nights now... and I can dedicate all the spare cpu on my sparc at work to seti :)

    --
    Come to the University of Mars! Classes starting soon!
  52. 32,504 800 MHz G4 vs. 45,998 2 GHz Athlon XP? by icrooks · · Score: 2, Interesting

    "Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines ...."

    800 MHz G4 is faster crunching the keys than a 2 GHz Athlon XP

    I am reading that right?

    1. Re:32,504 800 MHz G4 vs. 45,998 2 GHz Athlon XP? by dex22 · · Score: 1

      Yes, you are. :o)

    2. Re:32,504 800 MHz G4 vs. 45,998 2 GHz Athlon XP? by Anonymous Coward · · Score: 0

      Yeah I saw that too. Must've been a big fat typo. :)

    3. Re:32,504 800 MHz G4 vs. 45,998 2 GHz Athlon XP? by Anonymous Coward · · Score: 0

      not a typo... altivec helps disproportionately. compare a g4 and an athlon if you don't believe me.

    4. Re:32,504 800 MHz G4 vs. 45,998 2 GHz Athlon XP? by Stormie · · Score: 2

      800 MHz G4 is faster crunching the keys than a 2 GHz Athlon XP. I am reading that right?

      Yes. I've never seen anything which shows off Altivec quite as well as RC5 cracking. There are hand optimised assembly cores for various CPUs in the d.net client, but the Altivec-enhanced G4 core pretty much destroys everything. I expect it's because Altivec has vastly more flexible shuffling instructions than MMX.

      This by no means proves that a G4 is "better" than an Athlon, but it's interesting.

  53. Brute Force is Perfectly Acceptable by DigitalSorceress · · Score: 1

    Crypto experts will call an encryption algorithm sound if knowing the full details of that algorithm, the most effective way of cracking it is to try every key. This is what they STRIVE for.

    If the best way to break a cryptosystem is to brute force it, they have a very good idea of the real-world usability of that key length.

    If the 64 bit key took 4 years with 312,000 or so users with our current technology, then cryptographers know how many real world CPU cycles it takes (why am I thinking of tootsie pops for some reason?) to break. From there, it is simple enough to compare that number of cycles to the current state of computing to determine future crack times.

    Look at the Military... if they have a message about an impending operation that is 1 day to 3 years away, and the best effort anyone can bring to bear on decrypting it will take 4 years, then in a practical sense, that message is unbreakable.

    However, a secret one plans to keep for say 20 years better have a key length long enough so that even accounting for Moore's law, the key will take longer than that to break... of course, the real problem is that if there is some new mathematical breakthrough that allows radically faster factoring, (quantum computing anyone?) then all these results are meaningless.

    --

    The Digital Sorceress
  54. an interesting bit of trivia by Nugget · · Score: 5, Interesting
    While the prospect of a false-positive key was the subject of much speculation during RC5-56, we did in fact encounter exactly such a beast during RC5-64.

    In the interests of speed, only the first "block" of the crypted text is decrypted and evaluated for a solution. This means that it's possible for a key which isn't the correct key to report as a false positive because although it doesn't decrypt the text it does yield a plaintext which matches "The unkn" for the first eight bytes.

    There's been much speculation and napkin scribbling on just how frequently such false positives might present themselves. The general consensus seemed to be that such an occurrence is extremely improbable but in a dataset the size of 2**64, extremely improbable may still yield a nonzero frequency.

    The key 0xBB27D52F60FD932C does, indeed, decrypt to a plaintext for which the first eight bytes match the known plaintext for the contest. The remainder of the decrypted text, however, is just garbage. This key has actually been returned by clients twice over the course of the contest.

    In August 1999, "Edward Scissorhands" turned in the key.

    Again in July 2000, Team RC5 Chile submitted it. Since they're unfortunately using a shared email address for their team, there's no way to know which individual was the submitter.

    It wasn't the winning key, but was a really unique "near miss". It also represents an interesting datapoint regarding the RC5 algorithm. A brute-force search is really the only way to conclusively determine the likelihood of such false positives.

    1. Re:an interesting bit of trivia by BovineOne · · Score: 5, Interesting

      Nugget is wrong, the false positive was actually found three times. Most recently, the bymer@ukrpost.net worm found the false-positive on November 6, 2001. There potentially could be problems identifying the owner of that worm-infected machine and having to explain the circumstances of a winning solution, but fortunately that was only a false positive.

      --
      Don't waste those cycles! Put them to use! http://www.distributed.net/
    2. Re:an interesting bit of trivia by Leonel · · Score: 1

      Was the *same* false positive key found three times? I mean, why was it processed again? I thought that the keyserver would only assign blocks to clients to work with if they weren't assigned to anyone else. If the assigned keyspace was exhausted and the right key wasn't found, only then re-assign blocks that weren't returned.

    3. Re:an interesting bit of trivia by Papineau · · Score: 2

      The short answer is that to be able to track all blocks, the keyserver concentrates on a small portion of the keyspace at a time. So if 90% of that small part is returned, the balance will be resent, in an attempt of getting the results faster and be able to switch to another part of the keyspace.

      Search on the distributed.net website for more details, I recall a graph saying that 95%+ blocks were returned after 4 days, and after that the return rate was nearing zero, so it makes sense to resend those after a few days.

      There's also the possibility that it was in a random generated block: when your client cannot reach the keyserver, it processes a block at random (actually, I think all the random blocks are close to each other). That would explain the 3 reports, at almost 1 year interval each.
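The first-block check and the false positive described in this sub-thread, as an added example that is not distributed.net code: a scaled-down RC5 (16-bit words, 12 rounds) is searched over a 12-bit keyspace while comparing only 8 bits of the first decrypted block, then every hit is re-tested against the full known text. The key, the keyspace size, the check width, the independent encryption of each block and all function names are assumptions made for the example.

```python
# Scaled-down model of a known-plaintext key search with a cheap first check.
# Constructed for illustration; parameters are far smaller than the contest's.

W = 16                        # word size in bits (the contest cipher used 32)
R = 12                        # rounds
MASK = (1 << W) - 1
P16, Q16 = 0xB7E1, 0x9E37     # RC5 magic constants for 16-bit words

KEY_BITS = 12                 # toy keyspace: 4096 keys instead of 2**64
CHECK_BITS = 8                # bits of the first block compared in stage one
SECRET_KEY = 0x5A7            # constructed "unknown" key
PLAINTEXT = b"The unkn"       # two 4-byte blocks of known text


def rotl(x, s):
    s %= W
    return ((x << s) | (x >> (W - s))) & MASK


def rotr(x, s):
    s %= W
    return ((x >> s) | (x << (W - s))) & MASK


def expand_key(key_int):
    """RC5 key schedule for a 2-byte key (one 16-bit word of key material)."""
    L = [key_int & MASK]
    t = 2 * (R + 1)
    S = [(P16 + i * Q16) & MASK for i in range(t)]
    A = B = i = 0
    for _ in range(3 * t):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[0] = rotl((L[0] + A + B) & MASK, A + B)
        i = (i + 1) % t
    return S


def encrypt_block(S, A, B):
    A = (A + S[0]) & MASK
    B = (B + S[1]) & MASK
    for i in range(1, R + 1):
        A = (rotl(A ^ B, B) + S[2 * i]) & MASK
        B = (rotl(B ^ A, A) + S[2 * i + 1]) & MASK
    return A, B


def decrypt_block(S, A, B):
    for i in range(R, 0, -1):
        B = rotr((B - S[2 * i + 1]) & MASK, A) ^ A
        A = rotr((A - S[2 * i]) & MASK, B) ^ B
    return (A - S[0]) & MASK, (B - S[1]) & MASK


def to_blocks(data):
    """Split bytes into (A, B) pairs of little-endian 16-bit words."""
    return [(int.from_bytes(data[i:i + 2], "little"),
             int.from_bytes(data[i + 2:i + 4], "little"))
            for i in range(0, len(data), 4)]


def first_stage(cipher_blocks, known_blocks):
    """Keys whose decryption of block 0 matches CHECK_BITS bits of known text."""
    check = (1 << CHECK_BITS) - 1
    want = known_blocks[0][0] & check
    return [k for k in range(1 << KEY_BITS)
            if (decrypt_block(expand_key(k), *cipher_blocks[0])[0] & check) == want]


def second_stage(candidates, cipher_blocks, known_blocks):
    """Re-test each candidate against every known block in full."""
    return [k for k in candidates
            if all(decrypt_block(expand_key(k), *c) == p
                   for c, p in zip(cipher_blocks, known_blocks))]


def expected_false_positives(key_bits, check_bits):
    """Wrong keys expected to pass, modelling their output as uniformly random."""
    return (2 ** key_bits - 1) / 2 ** check_bits


KNOWN = to_blocks(PLAINTEXT)
_S = expand_key(SECRET_KEY)
CIPHER = [encrypt_block(_S, a, b) for a, b in KNOWN]  # each block on its own

if __name__ == "__main__":
    hits = first_stage(CIPHER, KNOWN)
    print("expected wrong keys passing stage one:",
          round(expected_false_positives(KEY_BITS, CHECK_BITS), 1))
    print("stage one hits:", len(hits), [hex(k) for k in hits])
    print("after full check:", [hex(k) for k in second_stage(hits, CIPHER, KNOWN)])
    print("same model, 64-bit keyspace and 64-bit check:",
          expected_false_positives(64, 64))
```

Under the same uniform-output model, a 2^64 keyspace checked against one 64-bit block gives an expectation of about one wrong key, so a search that stops at the first hit needs the second stage before declaring a result.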

  55. Is my 128-bit key safe? by HillClimber · · Score: 1

    Wow, working at that rate, a 128-bit key could be broken in only 4 billion years. That is, if you had 300 trillion people working on it. Aren't exponential algorithms fun?

  56. The real answer by Anonymous Coward · · Score: 0


    0x000000000000002a

  57. What have we discovered in this exercise? by Dr.+Spork · · Score: 2, Insightful
    You know, anybody with a pencil can figure out how many computation cycles it will take to produce 50% probability that the key will crack. Then, it seems like the only trick to it is to sit there and wait a few months while your CPUs heat the room, and then you eventually find out whether it will crack before the 50% probability or after.

    In the process, we have learned absolutely nothing. It's like a game where I say "I'm thinking of a place, can you guess where it is?" Then hundreds of thousands of you would send in guesses, and eventually you would get it. What a pointless exercise that would be! I'm sorry, but I don't see the difference here. In a way this is even less interesting, because you know that sometime the code will crack. There is no element of surprise at all in the results, and once we have it, we learn... nothing at all.

    In the process, how much electricity do we waste chugging through the code? Did one of you clever people calculate how many fewer tons of CO2, soot and radioactive waste would have been produced if you had just left your Athlons turned off? How about all the air conditioners you used to cool the rooms the Athlons live in?

    For the next challenge, I suggest that you just pretend your CPU is working, and in a few months (time determined randomly according to the probability of cracking if your computers had been on), the guy who issued the challenge will pretend that his code was cracked and announce what his oh-so-important secret message was. That would sure make me happier--and it's not like we'd learn any less that way.

    (Notice also that my criticism doesn't apply to SETI or protein folding projects. At least they give us a chance of finding out something.)

    1. Re:What have we discovered in this exercise? by MichaelDelving · · Score: 1

      Actually, we've demonstrated that all the coordination and overhead involved with farming the search out to 0.3 million boxen is surmountable. There is definitely an increment of accomplishment in any translation from design to implementation.

    2. Re:What have we discovered in this exercise? by anthony_dipierro · · Score: 1

      But didn't we do that months, even years ago? How much has the distributed.net infrastructure improved over the last 2 years? I think it's time to find something useful (and I disagree that SETI qualifies) or call it quits. Maybe protein folding, but the question becomes whether or not the cost in power usage alone would be better spent in some other way.

    3. Re:What have we discovered in this exercise? by Ziviyr · · Score: 1

      That's why I'm focusing on OGR.

      Once we have it, it can be used to boost efficiencies elsewhere. (mainly in the realm of sensory knowledge gathering AFAIK)

      --

      Someone set us up the bomb, so shine we are!
    4. Re:What have we discovered in this exercise? by Dr.+Spork · · Score: 2
      I do think the poster you replied to makes an interesting point: maybe what we learned is something about human nature, namely, that very many of them would be willing and/or able to waste significant personal resources for a totally predictable and trivial project. The more I think about that, the more interesting I find it. The lesson, then, is that there are tons of people in the wings, ready to do a numbercrunching project for (what they perceive as a) good cause.

      I agree with you that SETI is pretty damn unlikely to turn up anything, but that in itself is sort of interesting too. I mean, why don't we hear other civilizations? And maybe, when people look at a computer overheating from SETI crunching, they think about how much alike we all are as human beings, and how the thought of interaction with aliens makes our terrestrial squabbles seem petty. Alright, I'm probably overstating the case.

      Protein folding... I don't know much about this project, but isn't it the case that your CPU simply becomes the bitch of a pharmaceutical company that's going to patent the stuff they learn from your calculations? That really put me off. I am happy to serve mankind, but not to line the pockets of evil drug companies.

      So, what does my computer do at night? It serves FTP. Sure, pretty laid back for the CPU, but I think it does a whole lot more for people than any relevant alternatives.

  58. We were more lucky this time. by wunderhorn1 · · Score: 2
    Dnet was much more lucky with the RC5 project. We found the key with 12% of the keyspace left to go (with odds of 135 to 1).

    For the last project, CSC, we had to exhaust the entire keyspace and then go back and recheck some of the work.

    Congrats to everyone who participated.

    And just for kicks, here are my final stats on the project:
    Rank: 38501 (out of 331,286)
    First block: 25-Sep-1999
    Last Block: 22-Sep-2002
    Days working: 1,094 (out of 1,796)
    Total Blocks: 226,544 (out of 61,015,324,138!)
    The odds were 1 in 3,802,292 that I would have found the lucky key before anyone else.

    --
    Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
    1. Re:We were more lucky this time. by Anonymous Coward · · Score: 0

      More lucky than CSC which suffered from a bug, yes, but where on Earth do you get odds of "135 to 1"? If it weren't for bugs or malicious tampering, the odds of finding the key before 88% of the keyspace is exhausted are about 7 to 1 in *favour*.

  59. Let's check the math... by Planesdragon · · Score: 2, Interesting

    Ok... "thousands of computers" and 1700 days. Let's call it 2000 computers putting in full 24 hours days. And let's assume that Moore's Law will remain true...

    Cracking RC5-64 took 384,000 computer/hours today. There are 168 hours in a week. So, for one computer to crack RC5-64 in a matter of weeks (less than five) would require a computer about 460 times faster than what we have now; assuming Moore's law keeps going, we'll get those in about 13 years (2015).

    In five years (48 months), computers will be about 2.6 times as fast as they are now; it'll still take over 147,000 computer-hours to crack the same code; one computer would take 16 years to crack that.

    (The same 2000 computers, once upgraded, could replicate their feat in a measly 654 days--still, two years.)

    And, of course, this assumes that Moore's Law remains constant, there's no overhead, and distributed.net's brute force test is a good example; it could have gotten lucky, or it could have taken them an unusually short time to find the right code.

    For a realistic cracking scenario, let's say our cracker has ten computers and wants to crack the code in a week... he'd still have to wait 8 years to be able to do it, and who'd want to bother with 13 year old data for cracking, anyway?

    1. Re:Let's check the math... by Papineau · · Score: 2, Interesting

      So, for one computer to crack RC5-64 in a matter of weeks (less than five) would require a computer about 460 times faster than what we have now; assuming Moore's law keeps going, we'll get those in about 13 years (2015).

      You forget THE major point of Distributed.net: distributed computing. If you put 2 computers to the task, you already cut by half the time needed. Have more money? Put 3000 CPUs (go read the nVidia and ATI tour at Anandtech to see if somebody can afford those now) through it, and the time will shrink by the same amount.

      And regarding the time needed to crack it, I get a couple orders of magnitude greater than 384000 computer*hours. More akin to (quoting the PR) 46000*790*24=872 million computer*hour (using an Athlon XP 2GHz). A single CPU computer wouldn't be able to do it on a human scale time (would be about 100000 years), you absolutely need more than one computer to live to see the result.

      For a realistic cracking scenario, let's say our cracker has ten computers and wants to crack the code in a week... he'd still have to wait 8 years to be able to do it, and who'd want to bother with 13 year old data for cracking, anyway?

      I probably miss something about why the 8 years becomes 13, but there are some things that don't change in time, and could be used by somebody even in a few years. My credit card number hasn't changed since I first got it, same thing for my bank account. The goal is not for it to be secure only now, but also in the future. You may think about other examples involving national security if you prefer.

    2. Re:Let's check the math... by the+Man+in+Black · · Score: 1

      I would have taken this bit of math more seriously if it weren't for the fact that 48 months is 4 years, not 5.

      Sure, I'm anal. But I'm right.

    3. Re:Let's check the math... by Planesdragon · · Score: 1

      I probably miss something about why the 8 years becomes 13,

      "because no one's used 64-bit encryption since 1997."

      I know it's not common practice now, and I pulled a random number from the Umbra as an example.

      My credit card number hasn't changed since I first got it, same thing for my bank account.

      Your Credit Card number and bank account number can be found by either a simple mugging or some discreet garbage scavenging--and they can be switched in about a week by any competent financial institution.

      The goal is not for it to be secure only now, but also in the future. You may think about other examples involving national security if you prefer.

      National security... I think the gov't assumes that if someone gets access to a file, they're going to read that file, and that encryption will only slow them down.

      Then again, I think that government does indeed think that it's always acting in the best interest of the country, so what do I know? ;)

    4. Re:Let's check the math... by Anonymous Coward · · Score: 0

      Your math contains several errors and makes a lot of needless assumptions :). Let's start anew.

      It's far more reliable to do computations based on known keyrates. A dual 1.25GHz G4 can handle about 28 million keys/sec. The total keyspace is 2^64, which is about 18 quintillion keys.

      So that gives us, with the current technology, a total workload of 20000 computer-years. In five years, let's say computers are about ten times faster (that's doubling every 1.5 years, pretty generous for Motorola, but...).

      Then we only need 2000 computers to guarantee cracking within a year. With 200 computers, you'd still have a 10% chance of getting it within the year (raise your hand if you'd tolerate a 10% chance of your data being compromised).

      Any medium-sized organisation can afford 200 computers, even if they are Macs :). Heck, the single shipment of LCD iMacs to Genentech constitutes more computing power (after adjusting for Moore's law).

    5. Re:Let's check the math... by Anonymous Coward · · Score: 0

      The fruit of nuclear weapons research of 13 years ago would be very interesting to countries like Iraq and Bosnia.

      It all depends on the type of data. What if some senator is carrying on an affair today and makes mention of it in an encrypted email? What if that same senator is president 14 years from now and is up for re-election? Someone who can hold a bombshell like that over his head is in a very dangerous position.

      A country like Red China can put together massive computing clusters. MFN status? With the right information, they can guarantee that.

      I have no doubt that there is information relating to the Kennedy assassination that is still sensitive. After all, we still have over 30 years before all of the records will be unsealed.

      The age of the information isn't a guarantee that it will be useless when it comes to light.

  60. Re:Heh ?? by AvitarX · · Score: 1

    let's see, if we take a cutting edge computer from 4 years ago as the average power of d.net's computers (a sloppy assumption), and then say only half 500 of them are working at any time (more sloppiness), that leaves us with 500 computers from 1998. misusing Moore's law to say it is speed and not just transistor count (fairly effective approximation) and go 11 years from now, that is plus 4 years is 10 18 month doubles.

    2^10 = 1024 times the power of a dnet computer.

    that means it will take one computer 4 years to solve the RC5-64.

    obviously at that point the super computers can chew right through it, but for even a network of 10 or so desktop computers this is non trivial.

    --
    Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
  61. Re:Heh ?? by Anonymous Coward · · Score: 0
    That's the point.... is RC5-64 (effectively) safe today? It sure the heck is.. this project proved that!
    Depends whom you've pissed off lately. If, say, NSA or GCHQ (that's British for "NSA") were to bring their full computing power to bear on the problem, they could probably match d.net's efforts in that "realistic timeframe".
  62. In unrelated news, SETI packets... by velcrokitty · · Score: 1

    ... were inadvertently fed into the RSA search, and interesting patterns developed which were determined to be an alien world's attempt to flagrantly disregard their version of the DMCA with pop tunes such as "Shake those crazy antennae", "Happy CycleDay", "Zoood I did it again", and Lanthinatica's hit "Enter SmallRoundPebblesFoundOnBeach Man."

    Earth's branch of the RIAU (Recording Industry Artists of the Universe), the RIAA said that they would begin to crack down on these pirate receivers and guarantee their brothers in the stars more revenue...

    --
    I stick to walls...
  63. Re:Heh ?? by shut_up_man · · Score: 1

    ... at our peak rate we could expect to exhaust the keyspace in 790 days. Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines...

    Uh, I think it's going to be a VERY long time before the average laptop / home PC does this in a week.

  64. End of an era (for me, anyway) by Scutter · · Score: 4, Interesting

    I'm surprised at how stunned and emotional I am upon reading this. After personally investing almost four years and uncounted trillions of clock cycles for over half a quadrillion keys and just like that it's over with. *sigh*

    I watched the progression of the computer industry grow just by watching the gradual increase of my daily keyrate.

    Four years ago when I first started, I was going through 52 blocks a day. Yesterday, I went through 2784 blocks. Looking at the daily graph is practically a history of my life for four years. I can see spikes where my company bought a dozen computers and I borrowed their cycles for a couple of days while I configured them. I can see dips where I turned my computers off to go on vacation for a weekend. There's the whole flat area from last year when I didn't have a job and so had limited access to extra CPU cycles.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    1. Re:End of an era (for me, anyway) by Anonymous Coward · · Score: 0

      Dude, that's really sad if you remember the past 4 years of your life based on the graph of your RC4 keyrate. Go outside. Breathe in the fresh air. Let the sun touch your pasty skin.

      Get a life.

    2. Re:End of an era (for me, anyway) by Anonymous Coward · · Score: 1, Interesting

      It's not sad at all. I think it's sad you feel the need to tell people how to run their life. I've personally had some interesting times with the RC5-64 challenge.

      The time I sneaked the client onto all 250 machines at work for a week... before I got caught by a lesser admin and was forced to disable them all (easy cos there was only a single instance launched from the LAN and run entirely in memory).

      Racing my friends keyrates and total blocks. I even had a machine still submitting blocks 2 years after I left a site I was working on - that machine must be smokin'!

    3. Re:End of an era (for me, anyway) by Ixohoxi · · Score: 1
      Sadness, like beauty, is in the eye of the beholder.

      I also couldn't help but feel a little sorry for you. Granted, maybe those four years were the best four years of your life. Perhaps though they could have been even better?

      And no, I don't mean by your winning the challenge.

      --
      What's a second? An hour? A day?
      It has much more to do with
      the Earth's rotation than with cesium.
    4. Re:End of an era (for me, anyway) by Anonymous Coward · · Score: 0

      It *is* sad. Some people are fucking idiots and *need* to be told what to do.

    5. Re:End of an era (for me, anyway) by Racine · · Score: 1

      I'm with you on this one. I can't begin to explain how weird it was to just shut down the dnetc processes on all of my machines. So sudden, though I knew that's how it would be. To think, I'd been doing this for nearly 4 damn years...

      --
      Tcl my Pico! There are 10 kinds of people in the world: Those who understand binary, and those who don't.
    6. Re:End of an era (for me, anyway) by arkane1234 · · Score: 1

      YES! I agree! We need to pass more laws to keep these simpletons in line! That goddamned patriot act isn't doing a good enough job

      --
      -- This space for lease, low setup fee, inquire within!
    7. Re:End of an era (for me, anyway) by mraymer · · Score: 1
      I can't imagine how it is for you, since I've only invested a year into this project, and I was shocked at what a profound impact the end had on me. dnetc had become part of my daily life (especially since at home I have dialup... gotta update those buffers every so often).

      I'm going to work on OGR until they start RC5-72 going. Maybe some people would groan at that idea, but hey, I'm all ready for another brute force attack! ;)

      --

      "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

  65. Sponsored by your local electric company... by anthony_dipierro · · Score: 3, Insightful

    300 Watts * 1 million hours = 300,000 kilowatt hours. 300,000 kilowatt hours * $0.10 = $30,000.

    I wonder how many U.S. and Iraqi soldiers died to make this great display of wasted energy possible.

    1. Re:Sponsored by your local electric company... by jgerman · · Score: 3, Insightful

      None. Your post isn't just insulting, it's idiotic. How many soldiers had to die to provide power for slashdot for the last year? How many had to die so we could play Playstation. The answer is none, always has been none, and will always be none. If you want to protest military action by posting snide comments on the web, at least do it with comments that are relevant, not bullshit rhetoric intended to pull at the audience's emotions.

      --
      I'm the big fish in the big pond bitch.
    2. Re:Sponsored by your local electric company... by anthony_dipierro · · Score: 1

      Oh please... Do you really believe that we would be involved in a conflict with Iraq if we didn't need the oil? Perhaps the answer to my question is less than 1, but it's certainly not 0.

      By the way, I'm not in any way protesting military action.

    3. Re:Sponsored by your local electric company... by jgerman · · Score: 3, Informative
      I'm not going to get drawn into an argument over why we're in a conflict with Iraq, or even whether or not we need the oil. The answer question is 0.


      You've forwarded the proposition that

      U.S. and Iraqi soldiers had to die to run the decryption.

      Which yields the converse:

      If it wasn't run, no U.S. and Iraqi soldiers would have had to die.


      Which is patently untrue. Your attempt at an emotional appeal as an argument was not only weak, it was stupid. You might as well have said that not turning off your lights when you're not using them causes soldiers to die.

      --
      I'm the big fish in the big pond bitch.
    4. Re:Sponsored by your local electric company... by anthony_dipierro · · Score: 1, Troll

      I'm not going to get drawn into an argument over why we're in a conflict with Iraq, or even whether or not we need the oil.

      Nor do I ask you to.

      The answer question is 0.

      I disagree.

      You've forwarded the proposition that U.S. and Iraqi soldiers had to die to run the decryption. Which yields the converse: If it wasn't run, no U.S. and Iraqi soldiers would have had to die.

      No, the converse is: If it wasn't run, fewer U.S. and/or Iraqi soldiers would have had to die.

      Which is patently untrue. Your attempt at an emotional appeal as an argument was not only weak, it was stupid. You might as well have said that not turning off your lights when you're not using them causes soldiers to die.

      I believe that to be an accurate statement.

    5. Re:Sponsored by your local electric company... by LiquidPC · · Score: 0, Troll

      No, the converse is: If it wasn't run, fewer U.S. and/or Iraqi soldiers would have had to die.

      That's absurd. There is no relationship between the amount of energy Americans use to the amount of soldiers that die.

      Plus, we're not going to attack Iraq, assuming we do, because we want their oil. Maybe you should read up on that?

    6. Re:Sponsored by your local electric company... by slamb · · Score: 2
      You've forwarded the proposition that
      U.S. and Iraqi soldiers had to die to run the decryption.

      Which yields the converse:

      If it wasn't run, no U.S. and Iraqi soldiers would have had to die.

      Which is patently untrue. Your attempt at an emotional appeal as an argument was not only weak, it was stupid. You might as well have said that not turning off your lights when you're not using them causes soldiers to die.

      Umm, someone isn't familiar with logic. The converse of a true statement is not necessarily true. The contrapositive, however, is. In this case:

      If no U.S. and Iraqi soldiers died, the decryption would not have been run.

      Which is false, so the original statement must be also. But that doesn't change the fact that you've given a straw man - the converse wasn't something he asserted to be true at all.

      Remember:

      • P -> Q: original statement.
      • ~P -> ~Q: inverse.
      • Q -> P: converse.
      • ~Q -> ~P: contrapositive.

      The original and the contrapositive are equivalent statements. The others are not.

    7. Re:Sponsored by your local electric company... by anthony_dipierro · · Score: 2

      That's absurd. There is no relationship between the amount of energy Americans use to the amount of soldiers that die.

      That's absurd. There is a relationship between the amount of energy Americans use to the amount of soldiers that die.

      Plus, we're not going to attack Iraq, assuming we do, because we want their oil. Maybe you should read up on that?

      If Iraq didn't have oil, we wouldn't be attacking them. Hell, if Iraq didn't have oil, they wouldn't be dangerous.

    8. Re:Sponsored by your local electric company... by silentbozo · · Score: 2

      I'm assuming your figure of 300 Watts is the average computer load? That seems a bit high to me... even including your drives, graphics card, etc. Unless you're running some sort of unconventional monster, or a REALLY old machine, I would peg 150 Watts as the average load.

      That works to about $15,000, the cost of buying about a dozen workstations. If you give the user generating the keys 5 cents per kilowatt hour, that runs about $22,500 total over 4 years, or $5625 a year. That's a decent price to rent what amounts to a supercomputer (albeit, a supercomputer with ugly latency between nodes.)

      I dispute the notion that this is wasted energy, as 1) many workstations would have been sitting idle anyways, 2) the point of this exercise was to prove that short key lengths (ie 56 bits, 64 bits) are bad for any organization or individual who needs to keep data encrypted for long periods of time (say, until after 20, 30 years, or until the end of someone's lifetime.)

      Of course, there are the geeks who dug machines out of the trash or bought new processors/boxes under the rationalization that they'd find the key and win the prize, who then ran their boxes, and their relatives' boxes, and other peoples' boxes (if they were lab admins), 24 x 7, requiring air conditioning, efficiency losses incurred in powering the air-conditioning, shipping expenses related to the shipping of new processors because they accidentally toasted the ones they were overclocking, etc. I suppose they could have spent that time pedaling on bikes equipped with generators to help with the energy shortage... but then you'd incur the expenses associated with the extra food they'd be eating!

    9. Re:Sponsored by your local electric company... by anthony_dipierro · · Score: 1

      I'm assuming your figure of 300 Watts is the average computer load?

      Yeah, I got it from a website somewhere (can't find it, but I'll agree 150 is probably closer to the average).

      many workstations would have been sitting idle anyways

      They should be turned off, or at least in low power mode.

      the point of this exercise was to prove that short key lengths (ie 56 bits, 64 bits) are bad for any organization or individual who needs to keep data encrypted for long periods of time (say, until after 20, 30 years, or until the end of someone's lifetime.)

      Anyone with half a brain already knows that, and I fail to see how anyone without half a brain is going to have his mind changed because of this demonstration.

      I suppose they could have spent that time pedaling on bikes equipped with generators to help with the energy shortage... but then you'd incur the expenses associated with the extra food they'd be eating!

      Or maybe they could have turned their computer off (the horror).

    10. Re:Sponsored by your local electric company... by LiquidPC · · Score: 1, Troll

      If Iraq didn't have oil, we wouldn't be attacking them. Hell, if Iraq didn't have oil, they wouldn't be dangerous.

      Right. Kind of like how we attacked Afghanistan for oil, eh?

      By the way, you should probably stop responding to posts because you're killing soldiers every time you make stupid fallacies on slashdot.

    11. Re:Sponsored by your local electric company... by anthony_dipierro · · Score: 1

      Right. Kind of like how we attacked Afghanistan for oil, eh?

      No, nothing like that.

      By the way, you should probably stop responding to posts because you're killing soldiers every time you make stupid fallacies on slashdot.

      Collateral damage.

  66. Miss the point a little? by 1WingedAngel · · Score: 1

    The important thing here has nothing at all to do with cryptography. The important thing is that some how, some way, Nugget and Co. managed to get 300,000+ people together to do something (semi-)constructive. If this was a parade or a demonstration, it would get national news coverage. However, since these guys are "just a bunch of geeks" there is little fanfare. It passes with relative quiet into the sunset. I would personally like to thank the guys at distributed.net. You guys proved something here and anyone who can't see that it has nothing at all to do with RC5 needs to just move along.

  67. Re:Heh ?? by Tony+Hammitt · · Score: 2

    You're very bad at math.

    that laptop would have to run at about 30000000000MHz, assuming that (and this is probably low) 1000000 CPU years assuming PIII/500MHz were spent on this project...

    Good luck finding one of those

  68. Way to go. by jkking · · Score: 1
    But 4 years for $10k??

    How smart can they really be?

    1. Re:Way to go. by Anonymous Coward · · Score: 0

      Can't you see they don't do it for the money?

  69. See Cryptonomicon. by Haeleth · · Score: 1

    Just about the only book I think *everyone* on Slashdot must've read.

    Which, incidentally, includes an episode where one-time pads are broken. Oh well.

  70. More worthwhile? by mblase · · Score: 2

    Scanning outer space for the remote possibility of advanced alien life, which may or may not have any interest in even contacting us... versus the very real and present problem of testing the security of a widely-used encryption algorithm.

    Yeah, sure, that's a much more "worthwhile" pursuit.

    1. Re:More worthwhile? by southpolesammy · · Score: 4, Interesting

      Let me ask you, what did we learn from the breaking of the RC5-64 algorithm? That given enough resources we could break what seems to be a strong algorithm? We knew that long ago. Did we learn any new methods of sequencing that might assist us in determining the innate strength of this algorithm that we could apply to others? Not hardly. We knew beforehand that the sequence would eventually be found at least by brute force, and since that proved to be true, we learned nothing about how to do it better the next time. The only palpable gain was the demonstration of a large distributed network of nodes working together to achieve a goal, but that too has been demonstrated before.

      Bottom line -- the whole RC5-64 project was a big freaking no-op. Therefore, yes, I do feel looking for signs of extraterrestrial life, or gene sequencing, or some other task would have been more fruitful than the goal of this pursuit. I realized that years ago and switched to SETI as a direct result of that observation. And the point about whether ET wants to contact us or not is irrelevant. If the SETI project was able to attain their goal, it would literally be the greatest event in history. Because of the ramifications of this possibility, the end goal is more worthy and will reveal something about the nature of things, rather than prove a hypothesis we already know to be true and provable. The amount of CPU cycles wasted on this project that could have been applied elsewhere is staggering.

      --
      Rule #1 -- Politics always trumps technology.
  71. Obviously time for 65-bit now by TomatoMan · · Score: 2

    See, 64-bit can be broken in four years. Time to move to 65-bit, that'll keep us safe until 2010 or so. Wake up, people!

    --
    -- http://frobnosticate.com
  72. False positives in RC5-64 by BovineOne · · Score: 5, Interesting

    Naturally there is a lot of interest about finding the solution, but what about "almost solutions" found by false-positive hits?

    In the interests of speed, only the first "block" of the crypted RC5-64 text is decrypted and evaluated for a solution. This means that it's possible for a key which isn't the correct key to report as a false positive because although it doesn't decrypt the text it does yield a plaintext which matches "The unkn" for the first eight bytes.

    The key 0xBB27D52F60FD932C does, indeed, decrypt to a plaintext for which the first eight bytes match the known plaintext for the contest. This key has actually been submitted three times over the course of the contest, once by three different users.

    In August 1999, again in July 2000. Most recently, the bymer@ukrpost.net worm found the false-positive on November 6, 2001. There potentially could be problems identifying the owner of that worm-infected machine and having to explain the circumstances of a winning solution, but fortunately that was only a false positive.

    Fortunately, we eventually found the actual key. But because we were seeing these legitimate false-positives being reported throughout the duration of the contest, we had full confidence that our network and our clients were functioning properly and that we would eventually find the actual solution in time.

    --
    Don't waste those cycles! Put them to use! http://www.distributed.net/
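
The first-block check and the false positives it produces, as an added example that is not part of the original comment or distributed.net's client code: a scaled-down known-plaintext search over RC5-32/12/8 in CBC mode. The 20-bit search window, the 16-bit fast check standing in for the first-block comparison, the key, the IV, the second plaintext block and the key byte order are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define R 12                              /* rounds: RC5-32/12/8 */
#define T (2 * (R + 1))                   /* expanded key table: 26 words */
#define P32 0xB7E15163u                   /* RC5 magic constants for 32-bit words */
#define Q32 0x9E3779B9u
#define SECRET_KEY 0x0123456789A5C0DEull  /* constructed key, not a contest value */
#define SEARCH_BITS 20                    /* assumption: only the low 20 key bits are unknown */
#define CHECK_MASK 0xFFFFu                /* assumption: the fast check compares 16 bits */

typedef struct { uint32_t partial_hits, confirmed; uint64_t key; } search_result;

static uint32_t rotl(uint32_t x, uint32_t n) { n &= 31; return (x << n) | (x >> ((32 - n) & 31)); }
static uint32_t rotr(uint32_t x, uint32_t n) { n &= 31; return (x >> n) | (x << ((32 - n) & 31)); }

/* Key expansion for a b-byte key (this sketch supports b <= 16). */
static void rc5_setup(const uint8_t *key, int b, uint32_t S[T]) {
    uint32_t L[4] = {0}, A = 0, B = 0;
    int c = (b + 3) / 4, i, j, k;
    for (i = b - 1; i >= 0; i--) L[i / 4] = (L[i / 4] << 8) + key[i];
    for (S[0] = P32, i = 1; i < T; i++) S[i] = S[i - 1] + Q32;
    for (i = j = k = 0; k < 3 * T; k++, i = (i + 1) % T, j = (j + 1) % c) {
        A = S[i] = rotl(S[i] + A + B, 3);
        B = L[j] = rotl(L[j] + A + B, A + B);   /* data-dependent rotate */
    }
}

static void rc5_encrypt(const uint32_t S[T], const uint32_t in[2], uint32_t out[2]) {
    uint32_t A = in[0] + S[0], B = in[1] + S[1];
    for (int i = 1; i <= R; i++) {
        A = rotl(A ^ B, B) + S[2 * i];
        B = rotl(B ^ A, A) + S[2 * i + 1];
    }
    out[0] = A; out[1] = B;
}

static void rc5_decrypt(const uint32_t S[T], const uint32_t in[2], uint32_t out[2]) {
    uint32_t A = in[0], B = in[1];
    for (int i = R; i >= 1; i--) {
        B = rotr(B - S[2 * i + 1], A) ^ A;
        A = rotr(A - S[2 * i], B) ^ B;
    }
    out[0] = A - S[0]; out[1] = B - S[1];
}

/* Returns 1 if the cipher matches the first RC5-32/12/16 vector in Rivest's RC5 paper. */
int rc5_selftest(void) {
    uint8_t zero[16] = {0};
    uint32_t S[T], pt[2] = {0, 0}, ct[2], back[2];
    rc5_setup(zero, 16, S);
    rc5_encrypt(S, pt, ct);
    rc5_decrypt(S, ct, back);
    return ct[0] == 0xEEDBA521u && ct[1] == 0x6D8F4B15u && back[0] == 0 && back[1] == 0;
}

/* Assumed byte order: key byte i is bits 8i..8i+7 of the 64-bit value. */
static void key_bytes(uint64_t k, uint8_t out[8]) {
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)(k >> (8 * i));
}

search_result search(void) {
    const uint32_t iv[2] = {0x11223344u, 0x55667788u};  /* constructed IV */
    const uint32_t p1[2] = {0x20656854u, 0x6E6B6E75u};  /* "The unkn", little-endian words */
    const uint32_t p2[2] = {0x206E776Fu, 0x7373656Du};  /* "own mess", constructed second block */
    uint32_t S[T], x[2], c1[2], c2[2], d[2];
    uint8_t kb[8];
    search_result r = {0, 0, 0};

    /* Challenge side: CBC-encrypt two blocks under the secret key. */
    key_bytes(SECRET_KEY, kb); rc5_setup(kb, 8, S);
    x[0] = p1[0] ^ iv[0]; x[1] = p1[1] ^ iv[1]; rc5_encrypt(S, x, c1);
    x[0] = p2[0] ^ c1[0]; x[1] = p2[1] ^ c1[1]; rc5_encrypt(S, x, c2);

    /* Search side: try every key in the window, cheap check first. */
    uint64_t base = SECRET_KEY & ~((1ull << SEARCH_BITS) - 1);
    for (uint64_t n = 0; n < (1ull << SEARCH_BITS); n++) {
        key_bytes(base | n, kb); rc5_setup(kb, 8, S);
        rc5_decrypt(S, c1, d);
        if (((d[0] ^ iv[0] ^ p1[0]) & CHECK_MASK) != 0) continue;  /* fast reject */
        r.partial_hits++;                       /* true key plus false positives */
        if ((d[0] ^ iv[0]) != p1[0] || (d[1] ^ iv[1]) != p1[1]) continue;
        rc5_decrypt(S, c2, d);                  /* confirm on the next CBC block */
        if ((d[0] ^ c1[0]) != p2[0] || (d[1] ^ c1[1]) != p2[1]) continue;
        r.confirmed++; r.key = base | n;
    }
    return r;
}

int main(void) {
    search_result r = search();
    printf("self-test: %s\n", rc5_selftest() ? "ok" : "FAILED");
    printf("keys passing the fast check: %u\n", (unsigned)r.partial_hits);
    printf("keys confirmed on the full message: %u (key %016llx)\n",
           (unsigned)r.confirmed, (unsigned long long)r.key);
    return 0;
}
```

With about 2^20 candidate keys and a 16-bit comparison, roughly 16 wrong keys are expected to pass the fast check; at the contest's real sizes (2^64 keys against a 64-bit block) the same ratio predicts on the order of one.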
  73. Surprised they're going on. by ruebarb · · Score: 2

    I'm surprised the distributed team is thinking of going to the RC5-72 bit challenge. Even with the average CPU speeds increasing, it'll take another 5 years probably to crack it.

    Given the payout for this stuff, I'd have expected some expert cryptographers are working on the 128 bit algorithm, looking for cracks to reduce the brute force time...that's what I would be doing at this point had I the skill...not focusing on the crummy brute force attacks....

    --

    ----------
    ah honey, we're all resplendent - Bill Mallonee
    1. Re:Surprised they're going on. by compwizrd · · Score: 2

      2 ** 72 / 2 ** 64 = 2 ** 8 = 256

      256 times as many keys, going to take a lot more cpu time than that, especially with a lot of cpu's running the OGR challenge instead of RC5

    2. Re:Surprised they're going on. by Anonymous Coward · · Score: 0

      We are at the crossroads now, and everything will change. It's time for a new internet, a new revolution in distributed computing. You too can be part of this new paradigm. Please download the attached distributed computing megasuperdupercool client and run it 24 hours/7 days a week. We use MQ message passing, so you must stay connected at all times in order for your computer not to freeze until the next packet is received. The amount of processing power is updated on our server daily, so add as many free (and non-free) machines as possible! For technical reasons, all of your other processes will have a nice value of +1 more than the distributed client. Once the final outcome is reached, you personally will receive $25,000! That's right, $25,000 just for participating once the final outcome is achieved.

      The goal of this distributed client is to provide me with a computer fast enough to do whatever I want. It will be at my discretion when it is fast enough. Please the readme binary for details, and click OK on the EULA to read the details.

  74. Lets see $10,000/1million= :( by Brigadier · · Score: 4, Funny


    In further news all participating Distributed.net users will be issued a check for 1 Cent.

    1. Re:Lets see $10,000/1million= :( by Froobly · · Score: 1

      Why, if I had a penny for each time I...

      Oh.

  75. Something worth while by LoudMusic · · Score: 2

    How about we all focus our attention to something worth while now? Seti is cool, but we don't have any direct and immediate gains for finding alien life a billion light years away. The information we'd be communicating would be ... a billion years old.

    How about Cancer research? It's already been proven beneficial.

    http://members.ud.com/about/getting_started/

    UD!! Sign up today and get cracking!
    (unfortunately they only have win32/intel clients, doh!)

    ~LoudMusic

    --
    No sig for you. YOU GET NO SIG!
  76. Imagine by Quok · · Score: 0, Offtopic

    A beowulf cluster of those laptops!

    (Sorry, I couldn't let that one go.)

  77. Isn't this contest illegal under the DMCA? by gosand · · Score: 2

    Wouldn't a contest like this be illegal under the DMCA? True, the company sponsored the contest, and asked that you try to break it, but technically speaking, couldn't they be prosecuted for it? It was for research, but the DMCA is so vaguely worded that I think that this contest was illegal.

    --

    My beliefs do not require that you agree with them.

  78. Re:Heh ?? by Pembers · · Score: 1
    in several years time, the average laptop / home PC will be able to crank out the work that the distributed project did in a week or so...

    I think you underestimate the scale of the problem - RSA's press release says there were over 300,000 people working on it for nearly five years. So, if Moore's Law continues to hold (a doubling of CPU power every 18 months or so), then in five years' time, computers will be, on average, 3 1/3 times faster than they are today. That means that you could repeat the RC5-64 "experiment" with 90,000 people, instead of 300,000, but it would still take nearly five years. Or you use the same number of people, and they'd be able to do it in about 17 months.

    I agree that, given enough doublings of CPU power, it will become feasible to crack RC5-64 with a single machine, but by my calculations, such a machine won't exist for 30 or 40 years. No doubt by then, if we're not already using quantum computers, we'll have something like RC20-65536, and cracking that will still need hundreds of thousands of machines to crunch numbers for years.

  79. Yes you are reading it correctly. by Squeezer · · Score: 1

    RC5 cracking works on bit operations. Imagine you have a binary number 00000001 well distributed tests the next number by moving the bit one space so the next number it tries is 00000010 and then 00000100 and so on and so on and then 00000011 00000110, etc...

    Some processors move the bits faster than others because they have a register in the CPU to do this, and some don't. The AMD K5 was extremely fast at this because it had the register for this, whereas the K6 had to use 4 registers to move the bit one space.

    --
    Does the name Pavlov ring a bell?
    1. Re:Yes you are reading it correctly. by mwjlewis · · Score: 0
      Knowing this, Why can't someone (Sun, Intel, Motorola, AMD, IBM, random startup) create a processor that is designed purely for this? I don't see why this is not feasible.

      Comments?

      --
      www.oobersworld.com - For those that ride.
    2. Re:Yes you are reading it correctly. by BitHive · · Score: 1

      As one of the parent posts mentioned, some CPUs (the G4) do have this ability. Anyway, dedicated DES-cracking hardware has been built, and in fact solved the RC4 (correct me if I'm wrong) challenge quite quickly. There just aren't very many uses for such hardware outside of brute-forcing.

  80. G4 800 faster than Athlon 2Ghz?! by FyRE666 · · Score: 3, Informative

    Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines

    Am I missing something here? Are they claiming the 800mhz G4 is over 1.4 times as fast as an Athlon 2ghz??

    Looks like the writer has been exposed to the "Steve Jobs reality distortion field" for a little too long...

    1. Re:G4 800 faster than Athlon 2Ghz?! by class_A · · Score: 2, Interesting

      No, just that AltiVec(TM)*, the PPC SIMD engine, is shit hot.

      *also referred to as VMX by IBM and Velocity Engine by Apple

    2. Re:G4 800 faster than Athlon 2Ghz?! by Dambiel · · Score: 1

      >Am I missing something here? Are they claiming the 800mhz G4 is over 1.4 times as fast as an Athlon 2ghz??
      >Looks like the writer has been exposed to the "Steve Jobs reality distortion field" for a little too long...

      perhaps, but I think a more likely explanation is that they're using actual data. Doesn't seem highly improbable that different architectures could have different performance levels on a highly specialized task

    3. Re:G4 800 faster than Athlon 2Ghz?! by NighthawkFoo · · Score: 1

      The Altivec vector processing unit on the G4 does wonders for RC5 processing.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it."
      - Evelyn Beatrice Hall
    4. Re:G4 800 faster than Athlon 2Ghz?! by discstickers · · Score: 4, Interesting

      I can attest to that from personal experience. I have a PowerBook G4 500. My roommate last year had a custom-built P4 1.4 GHz.

      I was able to do around 4 million keys/sec. He did around 2 million keys/sec. So, clock for clock, my computer was 4 times faster than his.

      Yes, the advantage was because of the Velocity Engine (aka VMX aka AltiVec), but it does show the power of the G4 when it is programmed for correctly.

      --
      I have a shitty sig!
    5. Re:G4 800 faster than Athlon 2Ghz?! by Eravau · · Score: 1

      I haven't looked at the speed of either of these two specific machines, but when I compared the speeds of a x86 architecture and Apple's PPC architecture on RC5 a couple of years ago (running Linux and MacOS 8 respectively), there was a similar speed difference.

      This is just the particular kind of calculation that the PPC excels at. The x86 has its strong areas, but this isn't one of them.

    6. Re:G4 800 faster than Athlon 2Ghz?! by chrysrobyn · · Score: 4, Interesting

      Am I missing something here? Are they claiming the 800mhz G4 is over 1.4 times as fast as an Athlon 2ghz??

      You're not missing anything. For some coursework when I was in school, I ended up sending some e-mail to the dnet staff. I mentioned that I needed to design a processor on an FPGA for a class, and asked what would be "ideal". They basically said, "Take Motorola's 7400 specs, that's the ideal processor."

      The Velocity Engine / AltiVec / VMX engine really was good at processing multiple keys (2?) simultaneously, and conducting the XOR rotates in record clock cycles (if I remember correctly). The processor architecture itself is mostly 1993 technology (PowerPC 603), but the vector engine is what makes it worth its weight in sand for some specific tasks.

      Now, what will I do with my dual 500MHz G4?

    7. Re:G4 800 faster than Athlon 2Ghz?! by nelsonal · · Score: 1

      You will probably calculate OGRs unless you change your settings.

      --
      Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
    8. Re:G4 800 faster than Athlon 2Ghz?! by BlueArchon · · Score: 1

      G4s are faster on RC5, I tried it on a 667 Mhz G4 and a 1.4Ghz thunderbird, the G4 was about 25% faster... But then again on distributed.net's OGR challenge the thunderbird was a lot faster...

    9. Re:G4 800 faster than Athlon 2Ghz?! by Anonymous Coward · · Score: 0

      Simple: The G4's architecture loves RC5.

      More registers, you see. The whole loop would be more optimised. An x86 cpu would have to go all the way to the data cache on the stack at least once every round, and although modern x86 cpus are very superscalar, using extra, hidden registers as a kind of L0-cache, RC5 just isn't very efficient on them - not to blame them in any way, it's just that they weren't designed with cryptographic algorithms, and other very tight, register and logic-intense loops, in mind - they work better on more usual code, with conditional branches, more complex loops, and so on.

      MMX, SSE and so on are the only attention paid to this sort of thing, and even then they aren't _always_ that useful, as crypto algorithms in particular use unusual transforms that the specific optimisations and gains of MMX and SSE do little to assist - they work better for simple, pure vector/matrix operations (say, 3D transforms, or very, very small FFTs), which they were designed for.

    10. Re:G4 800 faster than Athlon 2Ghz?! by Anonymous Coward · · Score: 0

      Are they claiming the 800mhz G4 is over 1.4 times as fast as an Athlon 2ghz ... At testing RC5-64 keys, it probably is.

      What, can't take it, monkey-eating PC boy?

    11. Re:G4 800 faster than Athlon 2Ghz?! by The_Dougster · · Score: 1

      Yeah the G4s really smoke on DNet. What I always thought would be cool would be to figure out how to run it on my GeForce2 card using the triangle processors when I'm not playing Quake.

      --
      Clickety Click ...
    12. Re:G4 800 faster than Athlon 2Ghz?! by be-fan · · Score: 2

      The altivec unit in the G4 has a vector permute unit that's really useful for RC5, less useful for other things.

      --
      A deep unwavering belief is a sure sign you're missing something...
    13. Re:G4 800 faster than Athlon 2Ghz?! by Insanity · · Score: 1

      The P4 has no unit dedicated to integer rotate, which is a huge step backward from the P3. RC5 relies heavily on rotate.

      But, comparing the P3 or K7 to the G4, the G4 still wipes the floor with both. The small number of registers in x86 really hurts here.

      Here is a client speeds database.

      --
      Nix absolutably seriousness.
    14. Re:G4 800 faster than Athlon 2Ghz?! by FyRE666 · · Score: 1

      The P4 has no unit dedicated to integer rotate

      Eh? I thought every modern (or old) CPU had byte/word/dword shifts and rotates (rol/ror/shl/shr).

    15. Re:G4 800 faster than Athlon 2Ghz?! by Insanity · · Score: 1

      From the distributed.net faq:

      Integral to the mathematics of the RC5 algorithm are 32-bit rotate operations.

      For whatever reason, the designers of the IA32 (32bit Intel x86) and the PowerPC architectures decided to implement the rotate function as a hardware instruction.

      Many other CPUs do not have built-in hardware rotate instructions and must emulate the operation by (at the very least) two shifts and a logical OR. This handicap is why many non-32bit-Intel and non-PowerPC computers run RC5 slower than one might expect based on real-world benchmarks. It is also the main reason why the RC5 client is a poor benchmark to use in determining the speed or performance of a particular CPU.

      The P4 lacks a hardware rotate unit, otherwise known as a barrel shifter. It's the first x86 CPU since the 486 to lack one, hence my comment about it being a huge step back. It still understands the commands, it just carries them out in a less direct manner than previous Intel processors.

      --
      Nix absolutably seriousness.
  81. [OT] My professor by HoserHead · · Score: 1

    Er, your rant is rather mis-placed: my instructor was actually a professor of computer science, Stephen Mann. From the stories he told in class, he knows a lot about the history of CS, and was just not in the 'know' on this topic, because SETI is simply more popular than Distributed.net these days, and few people know that Distributed.net even exists - a sad thing.

  82. Re:False positives in RC5-64 - SO IS NEXT? by jackb_guppy · · Score: 1

    OGR does not work for my systems. One system got a Node and processed for over a week before I turned it off and got it back to dnet. So, what is next?

    Right now I am powerdown systems that ran for two extra months becuase of programming errors a DNET.

    It is nice to donate time and power, but to have a meaning project to do...

  83. Bad math by Anonymous Coward · · Score: 0

    So, if Moore's Law continues to hold (a doubling of CPU power every 18 months or so), then in five years' time, computers will be, on average, 3 1/3 times faster than they are today.

    2^(5/1.5) = 10.08.

    In 5 years, CPU power should be 10 times what it is today.

    1. Re:Bad math by Pembers · · Score: 1
      2^(5/1.5) = 10.08

      D'oh! You're right. Thanks for pointing that out. Five years is 3 1/3 doublings of CPU power, not a multiplication by 3 1/3. I think I got the longer term prediction right, though. In 30 years, we might (should?) have machines that are a billion times faster than today's, and RC5-64 might be crackable on a single machine in a year and a half. Give it 10 more years after that, they'll be a hundred times faster again, and a single machine might crack the cipher in a week.

      I think my other point still stands, that ciphers will increase in complexity and key length, so that the ciphers of 30 or 40 years from now will take just as long to attack by brute force as today's do.

  84. Brrrng to be a cold RC5-64 finished? by riflemann · · Score: 1

    That would explain why the weather's cooling down now...

  85. Interesting system comparisons .. by Draoi · · Score: 2
    From distributed.net's report;

    Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines
    Hmmmm..... ;)
    --
    Alison

    "It is a miracle that curiosity survives formal education." - Albert Einstein

  86. Re:Heh ?? by malfunct · · Score: 1
    All the project did was prove how long it took to search the keyspace, it did NOTHING to prove the strength of the algorithm. It could be that a clever person could cut the search space by examining patterns in the encoded message (the way normal codebreakers work btw). It's highly possible that with a thorough examination of the encoded text the key could have been discovered in days (doubtful).

    What is an amazing result of this contest is showing just how much computing power is available in the world today.

    --

    "You can now flame me, I am full of love,"

  87. Whoa! by Anonymous Coward · · Score: 0

    Imagine a Beowulf cluster of these!

  88. Awful use of Moore's Law... by Anonymous Coward · · Score: 0

    ...because it refers to transistor density ALONE, not speed of the machines. Or do you think that the current state-of-the-art PC is only around 32K times faster than the original IBM-PC--not just in raw CPU speed, but in overall throughput?

    BTW: 2002-1982=20 years
    20*12=240 months
    240/18=15 Moore's Law cycles

  89. Re:False positives in RC5-64 - SO IS NEXT? by Anonymous Coward · · Score: 0
    Right now I am powerdown systems that ran for two extra months becuase of programming errors a DNET.
    Is this English? Maybe someone with a more lenient English grammar parser can clarify what this guy means?

    It is nice to donate time and power, but to have a meaning project to do...
    .... to do what?

  90. all I want to say now is by Anonymous Coward · · Score: 1

    mooooooo!

    1. Re:all I want to say now is by Nugget · · Score: 2

      Cows are cool. ]:8)

  91. are you going to the meetup? by edrugtrader · · Score: 1, Offtopic

    the south bay slashdot meetup is tonight at st. johns bar in sunnyvale... the guy who made distributed.net was there for the first one, if you are reading, are you coming tonight?? $3 pitchers of beer for celebration... i better bring my credit card.

    --
    MARIJUANA, SHROOMS, X: ONLINE?! - E
    1. Re:are you going to the meetup? by Nugget · · Score: 2

      There is no "guy who made distributed.net" -- it is and has always been a collaborative effort and the product of many people's time, energy, and dedication. Even cow, himself, the reason the project was named the "Bovine RC5 Effort" (in February 1997) doesn't try to take credit for it.

    2. Re:are you going to the meetup? by edrugtrader · · Score: 1, Offtopic

      the guy didn't take credit, and it wasn't jeff (i don't think), he was just a part of the website 'team'

      --
      MARIJUANA, SHROOMS, X: ONLINE?! - E
  92. What is the electricity bill? by f97tosc · · Score: 1

    I wonder how much the total cost of the electrical power involved in this effort was. I can imagine that it is not very efficient, with people using old power supplies, buzzing hard drives, and even monitors with some cool related screensaver.

    As for the research projects, what if they could choose between (A) getting all the money spent on power for the computation or (B) getting the computation itself.

    If (A) is true, then this is something that is just a cool but inefficient way of collecting donations. I hope (B) is the case, which would really mean that this is a synergetic and productive effort.

    Tor

  93. No. by yerricde · · Score: 2, Informative

    True, the company sponsored the contest, and asked that you try to break it, but technically speaking, couldn't they be prosecuted for it?

    The DMCA's circumvention ban applies only to access control mechanisms on copyrighted works, when such mechanisms are broken without authorization. The RC5-64 encryption is not an access control mechanism on a copyrighted work.

    --
    Will I retire or break 10K?
  94. MOD PARENT DOWN!! by Enonu · · Score: 1

    It's a rehash of this comment and its replies.
    Damn karma whores. You aren't wanted.

    1. Re:MOD PARENT DOWN!! by Eil · · Score: 2


      Idiot. The OP is one of the founders of distributed.net and has something interesting (in my opinion) to say. I only saw one other thread in this article dealing with false positives and BovineOne added to that thread *after* he made this post.

      Please go be a moron elsewhere. You aren't wanted.

  95. Okay... by Anonymous Coward · · Score: 0

    So why are the keyservers still sending out packets?

  96. Already done by RandyOo · · Score: 1

    In another post, someone calculated the cost at about $30,000 in electricity, assuming 300 watt power supplies.

    But when you said
    "all the used energy was energy that could have been saved by turning the computers off!",
    you were being a little ignorant.

    Did you ever stop to think that some people don't leave their computers on just to run the dnet client, and that it runs in the background as they're, say, posting a comment to slashdot? Or that the client is running on a computer that is left on 24/7 anyway, known as a server?
    Silly guy...

  97. What? by pclminion · · Score: 2
    The only way to crack a one-time pad is to acquire the pad. PERIOD. It doesn't matter if some guy writes a book claiming it can be done. It CANNOT be broken without the pad, no matter how many computers you have -- hell, you can't even break it with a QUANTUM computer.

    There's actually a copy of the book sitting on the shelf here. Can you refer me to a page number where this bullcrap takes place, so I can debunk it?

    1. Re:What? by Anonymous Coward · · Score: 0

      IIRC, it wasn't completely broken back, just enough to read a bit of it. something about using cribs and the fact that the secretary turning the basket of numbered balls got tired of doing it quite right, so the pad wasn't completely random. In practice, though, I still don't think you could quite use this to really break back a OTP. In an otherwise pretty technically accurate book, this little bit of breaking a OTP seemed a little out of place to me, but I'll forgive it.

      Posting AC cuz I can't remember my login...

    2. Re:What? by damiam · · Score: 1
      I believe the cracking was done using an educated guess of the pad. The pad was created by a woman picking billiard balls, and whoever cracked it (Rudy? I don't remember) found that her picks weren't completely random.

      One time pads are only uncrackable if your pads are completely random.

      --
      It's hard to be religious when certain people are never incinerated by bolts of lightning.
    3. Re:What? by matt_hope · · Score: 1

      And you only ever use the pad once.
      very important that.

      A = plaintext 1
      B = plaintext 2
      X = onetime pad

      A+X = A'
      B+X = B'

      an eavesdropper knows A' and B' so
      A' - B' = (A + X) - (B + X)
      = A + B + X - X
      = A + B

      this still looks like gobbledegook but it is a very different sort of gook (or is it gobble).
      Eve is now left with data formed by joining two non random pieces of data. Assumptions (educated guesses) about both A and B can be made which quickly yield info (and as anyone who's ever tried basic frequency analysis knows the moment you get a few bits from a guess the rest just starts falling into place).
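
The pad-reuse argument in the comment above, carried through in C as an added example that is not part of the original post. It assumes the pad is combined by XOR (so the comment's + and - are the same operation); the two messages, the pad bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MSG_LEN 24

/* Constructed sample data. A real pad is truly random and used exactly once. */
static const char MSG_A[MSG_LEN + 1] = "MEET AT THE NORTH GATE  ";
static const char MSG_B[MSG_LEN + 1] = "SEND THE KEYS AT NOON   ";
static const uint8_t PAD[MSG_LEN] = {
    0x3a, 0x91, 0x5c, 0xe7, 0x08, 0xb4, 0x6d, 0x22,
    0xf9, 0x13, 0x80, 0x4e, 0xd5, 0x67, 0x0b, 0xac,
    0x39, 0xc2, 0x71, 0xee, 0x14, 0x9b, 0x56, 0xa0
};

static void xor_bytes(uint8_t *out, const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = a[i] ^ b[i];
}

/* What an eavesdropper holds: A' and B', both produced with the same pad X. */
static void intercept(uint8_t c1[MSG_LEN], uint8_t c2[MSG_LEN]) {
    xor_bytes(c1, (const uint8_t *)MSG_A, PAD, MSG_LEN);
    xor_bytes(c2, (const uint8_t *)MSG_B, PAD, MSG_LEN);
}

/* Returns 1 if A' ^ B' equals A ^ B, i.e. the pad has dropped out entirely. */
int pad_cancels(void) {
    uint8_t c1[MSG_LEN], c2[MSG_LEN], mixed[MSG_LEN], plain[MSG_LEN];
    intercept(c1, c2);
    xor_bytes(mixed, c1, c2, MSG_LEN);
    xor_bytes(plain, (const uint8_t *)MSG_A, (const uint8_t *)MSG_B, MSG_LEN);
    return memcmp(mixed, plain, MSG_LEN) == 0;
}

/* Place a guessed fragment of one message at offset off. The pad is never
 * consulted: only the two ciphertexts are used. Returns the matching fragment
 * of the other message, or NULL if any recovered byte is not an uppercase
 * letter or a space (the guess does not fit at that offset). */
const char *guess_fragment(const char *crib, size_t off) {
    static char out[MSG_LEN + 1];
    uint8_t c1[MSG_LEN], c2[MSG_LEN];
    size_t len = strlen(crib);
    if (len == 0 || off > MSG_LEN || len > MSG_LEN - off) return NULL;
    intercept(c1, c2);
    for (size_t i = 0; i < len; i++) {
        uint8_t ch = (uint8_t)(c1[off + i] ^ c2[off + i] ^ (uint8_t)crib[i]);
        if (ch != ' ' && (ch < 'A' || ch > 'Z')) return NULL;
        out[i] = (char)ch;
    }
    out[len] = '\0';
    return out;
}

int main(void) {
    const char *hit = guess_fragment("NORTH GATE", 12);
    printf("pad cancels: %d\n", pad_cancels());
    printf("guess at offset 12 reveals: \"%s\"\n", hit ? hit : "(no fit)");
    printf("same guess at offset 0 fits: %s\n",
           guess_fragment("NORTH GATE", 0) ? "yes" : "no");
    return 0;
}
```

The practical consequence is on the key-management side: pad material has to be tracked and destroyed after a single use, because nothing in the ciphertext itself prevents the second use.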

  98. Clients turn off? by Jon+Shaft · · Score: 2, Interesting
    Well apparently the keyservers are shut off. I have all my rc5 installations set to JUST do rc5 and not DES or OGR... and one more that I can't think of off the top of my head.

    Anyhow, my client just starts, tries to connect to the server and gets an error message like the following...

    [Sep 26 17:32:37 UTC] NetUpdate::Connect handshake failed. (0.168)

    So at least it's not going to sit there and make up random keys anymore. It may have been a slight security risk (possibly) but maybe dnet should've sent a special request that would show a little message when you click on the cow (or make the cow change color so you would click on it.. ie Chocolate cow) so you'd know to uninstall it if you weren't paying attention to the news.

    Oh well, I've been doing rc5 since my junior year of high school and have a lot of memories of installing it, uninstalling it, taking over a friend's install, and him taking over mine. It was a lot of good times for this little silly program... installing it on all the computers in high school was a blast. It was truly a great forum to bring a lot of geeks together. The Slashdot team, 2600, FreeBSD and Linux Groups... all competing in a silly encryption game. :)

    --

    Who's the black private dick, who's a sex machine for all the chicks?

  99. Re:False positives in RC5-64 - SO IS NEXT? by BovineOne · · Score: 3, Interesting

    Depending on the speed of your machine, OGR stubs may indeed take a very long time (many hours typically). If you have a relatively slow machine, this may indeed keep your machine busy for more than a day--just be patient. The individual size of each OGR workunit can vary greatly from one workunit to the next, by design.

    --
    Don't waste those cycles! Put them to use! http://www.distributed.net/
  100. Decrypt the solutions yourself by BovineOne · · Score: 2

    Here are some Perl scripts that make use of a modified version of Crypt::RC5 to decrypt the RC5-64 solution, the RC5-56 solution, and the RC5-64 false-positive.

    http://www1.distributed.net/~bovine/perl-rc5/

    --
    Don't waste those cycles! Put them to use! http://www.distributed.net/
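
The rotate discussion earlier in the thread (the FAQ's "two shifts and a logical OR") and the decryption scripts mentioned in the comment just above both come down to the RC5 block function. As an added example, not code from the thread, from distributed.net or from those Perl scripts: RC5-32/12/b in C following Rivest's published description, with the rotates written as two shifts and an OR. Function names are this example's own, the 8-byte key reuses the key value quoted elsewhere in this thread purely as sample bytes (its byte order in the contest is an assumption), and no contest ciphertext is included.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RC5_ROUNDS 12u                   /* r in RC5-32/r/b */
#define RC5_T (2u * (RC5_ROUNDS + 1u))   /* words in the expanded key table S */
#define RC5_P32 0xB7E15163u              /* constants from Rivest's RC5 paper */
#define RC5_Q32 0x9E3779B9u

/* Rotates written as two shifts and an OR. Masking the count keeps both
 * shift amounts in 0..31, so a rotate by 0 is well defined in C. */
static uint32_t rotl32(uint32_t x, uint32_t n) {
    n &= 31;
    return (x << n) | (x >> ((32 - n) & 31));
}
static uint32_t rotr32(uint32_t x, uint32_t n) {
    n &= 31;
    return (x >> n) | (x << ((32 - n) & 31));
}

/* Expand a key of keylen bytes (0..255) into S. Returns 0, or -1 if too long. */
int rc5_setup(const uint8_t *key, size_t keylen, uint32_t S[RC5_T]) {
    uint32_t L[64] = {0}, A = 0, B = 0;
    size_t c = keylen ? (keylen + 3) / 4 : 1;   /* key length in 32-bit words */
    if (keylen > 255) return -1;
    for (size_t k = keylen; k-- > 0; )          /* load key bytes little-endian */
        L[k / 4] = (L[k / 4] << 8) + key[k];
    S[0] = RC5_P32;
    for (size_t k = 1; k < RC5_T; k++) S[k] = S[k - 1] + RC5_Q32;
    size_t i = 0, j = 0, passes = 3 * (RC5_T > c ? RC5_T : c);
    for (size_t k = 0; k < passes; k++) {       /* mix the key into S */
        A = S[i] = rotl32(S[i] + A + B, 3);
        B = L[j] = rotl32(L[j] + A + B, A + B); /* data-dependent rotate */
        i = (i + 1) % RC5_T;
        j = (j + 1) % c;
    }
    return 0;
}

/* Two data-dependent rotates per round: the rotate count is the other half. */
void rc5_encrypt(const uint32_t S[RC5_T], uint32_t blk[2]) {
    uint32_t A = blk[0] + S[0], B = blk[1] + S[1];
    for (unsigned i = 1; i <= RC5_ROUNDS; i++) {
        A = rotl32(A ^ B, B) + S[2 * i];
        B = rotl32(B ^ A, A) + S[2 * i + 1];
    }
    blk[0] = A; blk[1] = B;
}

void rc5_decrypt(const uint32_t S[RC5_T], uint32_t blk[2]) {
    uint32_t A = blk[0], B = blk[1];
    for (unsigned i = RC5_ROUNDS; i >= 1; i--) {
        B = rotr32(B - S[2 * i + 1], A) ^ A;
        A = rotr32(A - S[2 * i], B) ^ B;
    }
    blk[0] = A - S[0]; blk[1] = B - S[1];
}

/* One-block helpers: the block is passed and returned as (A << 32) | B. */
uint64_t rc5_encrypt_block(const uint8_t *key, size_t keylen, uint64_t pt) {
    uint32_t S[RC5_T], blk[2] = { (uint32_t)(pt >> 32), (uint32_t)pt };
    if (rc5_setup(key, keylen, S) != 0) return 0;
    rc5_encrypt(S, blk);
    return ((uint64_t)blk[0] << 32) | blk[1];
}
uint64_t rc5_decrypt_block(const uint8_t *key, size_t keylen, uint64_t ct) {
    uint32_t S[RC5_T], blk[2] = { (uint32_t)(ct >> 32), (uint32_t)ct };
    if (rc5_setup(key, keylen, S) != 0) return 0;
    rc5_decrypt(S, blk);
    return ((uint64_t)blk[0] << 32) | blk[1];
}

/* Sample keys: the all-zero 16-byte key of the RC5 paper's first test vector,
 * and an 8-byte (64-bit) key as in RC5-32/12/8 (sample bytes, see lead-in). */
static const uint8_t KEY_ZERO16[16] = {0};
static const uint8_t KEY_SAMPLE8[8] = {0x63, 0xDE, 0x7D, 0xC1, 0x54, 0xF4, 0xD0, 0x39};

int main(void) {
    uint64_t ct = rc5_encrypt_block(KEY_ZERO16, 16, 0);
    printf("RC5-32/12/16, zero key, zero block: %016llX\n", (unsigned long long)ct);
    ct = rc5_encrypt_block(KEY_SAMPLE8, 8, 0x0123456789ABCDEFull);
    printf("RC5-32/12/8 round trip: %016llX\n",
           (unsigned long long)rc5_decrypt_block(KEY_SAMPLE8, 8, ct));
    return 0;
}
```

On compilers that recognise the shift-or idiom, `rotl32` and `rotr32` become a single rotate instruction where the CPU has one; elsewhere they stay as the two shifts and an OR the FAQ describes.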
  101. Portion of Internet's data by mmol_6453 · · Score: 2

    Wait a second...didn't I just see an article on Slashdot about how the Internet transfers about 2 TB of data per day?

    105GKeys/sec * 8 bytes/key / 2TB/day * 86,400 sec/day * 100% = 35,437.5%

    Those numbers don't add up. If, however, I change 2TB/day to 2TB/sec:

    105GKeys/sec * 8 bytes/key / 2TB/sec * 100% = 41% of the Internet's traffic.

    There's gotta be something a bit off here...My mind just doesn't want to register that almost half of the internet's bandwidth is part of a massive computer cluster.

    --
    What's this Submit thingy do?
    1. Re:Portion of Internet's data by Papineau · · Score: 2

      Since the keys are sequential, you just need to give a 64 bits value to clients, plus the length that the client should check. Same thing on the return trip: start, length, result (yes/no), who (for stats). Of course it was all encrypted, so it was a bit more than those values per packet, but nowhere 105GB/s or some other insane numbers.

      All in all, it's a quite small portion of the total Internet traffic. I recall an article on Slashdot about a guy in Atlanta who secretly installed the client on state's computer, and was fined for that. IIRC, it amounted to something around 100K$ per MB, or something like that (of course the fine wasn't only for the bandwidth used).

    2. Re:Portion of Internet's data by cdrudge · · Score: 2

      You're assuming that they transmit every key in its entirety. You could easily tell each client check the keys in the range of 0x0000 through 0x0FFF, another 0x1000 through 0x1999. So instead of sending 1000 keys @ 8 bytes each, you only have to send 2 keys (start and end) @ 8 bytes. Larger groups would obviously cut down the transfers even farther.

      You also don't take into consideration compression.

    3. Re:Portion of Internet's data by jjackson · · Score: 1

      If you have ever participated in any of their contests, this wouldn't be so mind blowing for you...

      Your computer does not actually transmit a 64bit key for each key that it checks. Instead you would receive a starting key, from which your computer would start running tests on a variable range from 2^28 to 2^36 keys. Once completed, a signal that the block was complete was queued up to be transmitted back to the key servers.

      In this fashion, billions of keys could be reported on with just a few bytes of traffic transmitted.

    4. Re:Portion of Internet's data by mmol_6453 · · Score: 2

      Out of curiosity, what happens when a winner (or false positive) is found? Does the client return the key, or just the fact that the key was found in that block?

      --
      What's this Submit thingy do?
  102. Re:Heh ?? by veddermatic · · Score: 1

    I forget that every slashdot reader takes everything ever posted as LITERAL =)

    It was an EXAMPLE............ then again, since you don't know if any new technology will come out in the next 5 years that will blow Moore's law out of the water. So I could be right. =P

    --
    Department of Homeland Security: Removing the rights real patriots fought and died for since 2001
  103. WE JUST TURN OFF THE 100W BULB IN THE ROOM. by Anonymous Coward · · Score: 0
  104. known plaintext... by Nugget · · Score: 2

    Peter Trei (the RSA mind behind the secret key challenges and the article submitter for this story) explains that the secret key challenges (DES, RC5-foo) were designed to mimic the structure of an attack on captured IPSEC traffic where one could similarly search for valid or recognizable header information.

    Rather than being an unrealistic exercise, the method used to brute-force the RC5-64 and other RSA Labs secret key challenges is actually relevant for this very reason.

    The scenario is not as improbable as you imply.

    1. Re:known plaintext... by anthony_dipierro · · Score: 1

      That's fine, but that's an attack on a particular implementation of RC5-64, not an attack on RC5-64 itself.

    2. Re:known plaintext... by Nugget · · Score: 2

      Perhaps you meant to say "instance", not "implementation". In either case, my point stands.

  105. Can someone explain the missing bit? by mraymer · · Score: 1
    Okay, according to dnet's site, the key is 0x63DE7DC154F4D039, which in binary is:

    11000111101111001111101110000010101010011110100110 1000000111001

    Not counting the stupid space Slash is adding in there... there are only 63 bits! Why is one missing?

    BTW, it works out for the false positive key Nugget mentioned: 0xBB27D52F60FD932C =

    101110110010011111010101001011110110000011111101 1001001100101100

    (64 bits total)

    --

    "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

    1. Re:Can someone explain the missing bit? by Anonymous Coward · · Score: 0

      there's a leading zero

    2. Re:Can someone explain the missing bit? by Amazing+Quantum+Man · · Score: 2

      I can't tell if you're a troll or not.... It has a leading '0'.

      011000111101111001111101110000010101010011110100 11 01000000111001 (ignore the slashdot space behind the curtain).

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
    3. Re:Can someone explain the missing bit? by mraymer · · Score: 1

      THANKS EVERYONE! And no I'm not a troll, but I be an retarded... ;)

      --

      "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

  106. Benchmarking by user32.ExitWindowsEx · · Score: 1

    Damn. It's over. Guess I'll have to try some other client to benchmark my Octane and my Athlon.
    How many distributed clients have IRIX, Win32, and Linux/x86 versions out there?

    --
    "Evil will always triumph because good is dumb." -- Dark Helmet
  107. Might be time to retire my 386 by bluGill · · Score: 2

    I just remembered I have a 386-25 sitting on a shelf, telnet in, and sure enough, it is still running the dnet client. (This before OGR clients) Linux 2.0.36. Looks like the power company decided to reboot it 20 days ago. Nice little headless machine running off a 80Mb harddrive. Did something like 2 blocks a day.

    Here's to old machines, and an operating system that can keep them running for years! Thank you Linus, and all the other hackers that went into making linux stable.

  108. I guess we'll have to cure cancer now ... by Anonymous Coward · · Score: 0

    ... especially since ET doesn't look like he wants to be found.

  109. Clarification by Anonymous Coward · · Score: 0

    The RC5-64 encryption is not an access control mechanism on a copyrighted work.

    That didn't turn out right. Let me clarify: The RC5-64 cipher can in theory be used in an access control mechanism. However, RSA's RC5-64 contest isn't such a mechanism.

    1. Re:Clarification by arkane1234 · · Score: 1

      So basically if the company wasn't laughing and handing them money to do it, they'd be locked up.

      Sounds fair to me. As long as a corporation gives the nod, then everything's hunky-dory.

      --
      -- This space for lease, low setup fee, inquire within!
  110. We need your help!! by Anonymous Coward · · Score: 0


    Now that RC5-64 is complete, please consider installing the distributed client from UD which aims to cure cancer. If you're going to donate your spare CPU cycles to a project, I'd challenge you to find any other distributed computing project with as much meaning and benefit to mankind.

    More information can be found here

    1. Re:We need your help!! by minus9 · · Score: 1

      The folding@home project has similar goals and also has clients for Linux and Mac OS X. The UD project only has a client for windows. Folding@home

  111. At this rate by Anonymous Coward · · Score: 0

    RC5-56 can now be cracked in 6 days
    RC5-48 can be cracked in less than 24 hours
    RC5-40 can be cracked in minutes.

  112. Sure, switch to seti... by Nugget · · Score: 3, Funny

    You just wait and see who has the last laugh when SETI@home manages to detect an alien signal only to discover that it's rc5 encrypted! :)

    1. Re:Sure, switch to seti... by Anonymous Coward · · Score: 1, Funny

      Yes, well we can already do an educated guess of what it says. Something about "BASE".

    2. Re:Sure, switch to seti... by Anonymous Coward · · Score: 0

      Um, yeah, in that case someone better set up us the bomb!

  113. Where's my nickel? by LazyBoy · · Score: 1

    I want my share!!!

    --

    If Chaos Theory has taught us anything, it's that we must kill all the butterflies.

  114. Pathetic part.... by Anonymous Coward · · Score: 0

    The pathetic part of this distributed computing victory is that the solution sat around undetected for some unspecified time.

    Imagine. Talking hundreds of thousands of persons to work on a problem for several years, and then not thoroughly debugging the code to detect a solution.

    Boners.

  115. This is a good question... by VValdo · · Score: 2

    Is anyone knowledgeable enough out there to take a guess at how much power may have been used for this project in the last four years and how the energy consumption translates to pollution?

    For help, consider this discussion.

    Of course, to calculate this, there are some assumptions that have to be made-- how many machines were on solely for the purpose of cracking keys, how much energy on average does a machine use, and what percentage of that is used by the processor when cracking, improvements in keycracking speed and energy efficiency over four years, etc.

    Anyone up for it?

    W

    --
    -------------------
    This is my SIG. There are many like it, but this one is mine.
  116. Running dnetc on the graphic hardware by FyRE666 · · Score: 2

    What I always thought would be cool would be to figure out how to run it on my GeForce2 card using the triangle processors when I'm not playing Quake

    Probably not an option with the GF2, but I wonder if more recent chipsets could actually be used in this way? Could the data be fed in and pushed back out?!

  117. NEWSFLASH by Anonymous Coward · · Score: 0

    With the recent completion of the RC5-64 project by Distributed.net, power shortages around the globe have suddenly disappeared. CPUs are actually being left IDLE... expect power consumption to reach previous levels within a few weeks as former dnet members rush to switch their crack-racks over to SETI@home

  118. Finally... by exedanni · · Score: 0

    ...I can rest.

  119. No, mod parent down! by KFury · · Score: 2

    Love/hate the sig. Very creative...

  120. 128-bit SSL is safe ... by ghazban · · Score: 2

    Assuming you don't use it with a web browser - the fundamental flaw.

  121. Re:Somebody's closer :-P by Anonymous Coward · · Score: 0
    I normally wouldn't reply like this, but I just had to tell you that that "favorite color model: tyra banks" post was classic.

    cheers!

  122. Next Challenge: XBox sig key! by MrByte420 · · Score: 1

    yes, yes 128 bits is a mere 2^64 times harder than rc5 64 but man wouldn't it be funny to see the look on their face when 1,000,000 slashdot junkies break their little code in a mere 1000 years.

    --
    If religous zealots don't believe in Evolution, then why are they so worried about bird flu?
  123. dnet A success in its own right by Inkwina · · Score: 1

    I've seen many comments on what this means to security systems, but I think it demonstrates a much more important thing. This success has shown that large distributed volunteer-based network processing is actually feasible. After all, SETI has nothing to show yet. Those wondering what to do with their spare CPU cycles should seriously consider helping the OGR solution, which has tangible applications. Also, since the best use of these systems is brute force analysis of large packetizable (is that a real word?) data sets, it would be interesting to know what other mathematical problems can be dealt with this way.

    Well done to dnet!!

  124. vector engine? by Snover · · Score: 1

    I hope that's not the same vector engine that they use in the PS2, because if it is, hoo boy...

    --

    [insert witty comment here]
  125. LOST: RC5 block crunching machine by EvilStein · · Score: 3, Funny

    I left a machine turned on at one of my former jobs, and it's crunching rc5 blocks still.

    I HAVE NO IDEA WHERE IT IS!

    Is there any way to find out where the rogue machine is? heh..
    It's submitting about 200 blocks a day. I just wish that I could FIND it...

  126. OGR (was:FINALLY) by martinschrder · · Score: 1

    OGR sounds nice in theory, but the way distributed.net handles it is bullshit.

    There have been no results posted for OGR-24 yet, i.e. we still don't know if this exercise made any sense.

  127. Yes, it was worthwhile. by _xeno_ · · Score: 2
    OR:

    We learned how to create a giant distributed network and how to divide large amounts of computationally intensive work to potentially hostile clients in such a fashion so as to ensure that blocks of work were actually completed, allowing newer distributed networks that actually attempted to solve better problems.

    Distributed.net was interesting because of the method, not because of the actual solution. Yes, we knew it would be possible. But this really shows that it is indeed possible to create a working implementation, and that people very well might be willing to give away CPU cycles to a common goal. Yeah, breaking RC5 may not have been that interesting or useful, but demonstrating and creating a functional distributed network definitely is.

    --
    You are in a maze of twisty little relative jumps, all alike.
  128. IRC Forum Logs by drwiii · · Score: 1

    We've got the DCTI forum logs up if anyone missed the IRC chat.

  129. Last Post! by alpg · · Score: 1

    What the deuce is it to me? You say that we go around the sun. If we went
    around the moon it would not make a pennyworth of difference to me or my work.
    -- Sherlock Holmes, "A Study in Scarlet"

    - this post brought to you by the Automated Last Post Generator...