Slashdot Mirror
RC5-64 Success
Peter Trei writes "After over four years of effort, hundreds of
thousands of participants, and millions of
cpu-hours of work, Distributed.net has brute forced the key to RSA Security's 64 bit encryption challenge, winning a US$10,000 prize. Still outstanding Challenges carry prizes as high as $200,000. RSA's PR release is here. d.net's site has not yet been updated." Update: 09/26 16:59 GMT by CN : The good folks over at SlashNET are having a forum with the distributed.net crew on Saturday at 21:00 UTC. It'll be a great time to meet some of the people who made this possible.
While it's debatable that the duration of this project does much to devalue the security of a 64-bit RC5 key by much, we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time.
:)
Heh, it took a world-wide effort of thousands of computers over 1700 days. I don't think there is any debate at all; they proved the opposite of what they set out to prove.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
While this is an admirable achievement, I found another distributed computing project which I think is more worthwhile -- namely, Folding @Home, which is a distributed protein-folding simulation effort. This is the kind of research that will end up curing things like Alzheimer's, and I think it's a better use of your processing time than brute-forcing encryption keys (or even SETI, or Primenet). I encourage everyone to participate in F@H instead, as I think it will provide a greater benefit to us all in the long run.
/. may need to be reminded that they are indeed free to run whatever distributed computing software they feel like; I am merely requesting that they run this one.
Of course, some on
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
That's what has to be considered in all of this.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
- They know exactly how insecure RC5-64 is. They want other IT groups, industry groups and tech managers to know it. The easiest way to do that is to offer open challenges with cash prizes. It's never hard for RSA to up their bit-length to 4096, say, a year before 2048 RSA is broken, and someone collects their $200,000. It is hard to make PHBs understand that RC5-64 is not secure if nobody has broken it.
Secondly, Distributed.net clearly isn't doing it for the cash. I didn't do it for the cash, either. (Although I wouldn't have minded winning.) They're doing it because:- Breaking codes gives nerds their kicks.
- Building a distributed computing architecture is a difficult and interesting problem.
With current technology, as RSA likes to demonstrate, the winners are the cryptographers, not the cryptologists (the code breakers.) Quantum computing may change that, and make the cryptologists the winners. Until then, RSA can happily give cash prizes for increasing length keys: the numbers are on their side.In one of my CS classes, we were discussing distributed computing, and a question of any well-known distributed computing projects was asked. I answered "Distributed.net" - and the instructor promptly asked "What's that?" The next student to respond, of course, said SETI: the answer he was looking for.
Maybe I'm biased, as the former maintainer of distributed-net for Debian, but has Distributed.net really become this unimportant and forgotten?
In the process, we have learned absolutely nothing. It's like a game where I say "I'm thinking of a place, can you guess where it is?" Then hundreds of thousands of you would send in guesses, and eventually you would get it. What a pointless exercise that would be! I'm sorry, but I don't see the difference here. In a way this is even less interesting, because you know that sometime the code will crack. There is no element of surprise at all in the results, and once we have it, we learn... nothing at all.
In the process, how much electricity do we waste chugging through the code? Did one of you clever people calculate how many fewer tons of CO2, soot and radioactive waste would have been produced if you had just left your Athlons turned off? How about all the air conditioners you used to cool the rooms the Athlons live in?
For the next challenge, I suggest that you just pretend your CPU is working, and in a few months (time determined randomly according to the probability of cracking if your computers had been on), the guy who issued the challenge will pretend that his code was cracked and announce what his oh-so-important secret message was. That would sure make me happier--and it's not like we'd lear any less that way.
(Notice also that my criticism doesn't apply to SETI or protein folding projects. At least they give us a chance of finding out something.)
300 Watts * 1 million hours = 300,000 kilowatt hours. 300,000 kilowatt hours * $0.10 = $30,000.
I wonder how many U.S. and Iraqi soldiers died to make this great display of wasted energy possible.
copyrights or patents?
Anyone with a bit of skill can code their own RC5 code... I know I did it. However, there are US patents on the RC5 algorithm...
Tom
Someday, I'll have a real sig.
ASCI White (or, even better, Japan's new super computer) could probably crack RC5-64 in a matter of hours.
Hardly. We're talking about a third of a million participants taking 4 years here. Unless someone's developed a time machine and built ASCI from some future technology it's not that fast! (remember, many participants were science labs or other groups utilising several, sometimes hundreds of machines).
Now we should see project OGR really kick into gear!
Code, Hardware, stuff like that.
I remember when this first started out they believed it would take about 1000 years to crack.
Probably because the scalability of a distributed computing system was underestimated. Know this, it took a boatload of CPU time to crack this thing---just as predicted. What was not properly estimated was how much parallelism would be achieved.
There's a lot of interesting information that comes from this aside from the actual problem being attacked.
From a cryptography science, none at all. This project added absolutely nothing to our knowledge of cryptography.
All of the interesting information learned was in the area of designing, organizing, and managing a distributed computing network, and the potential CPU power such as system could harness. That exact same knowledge could be gained attacking an exhaustive-search problem with some genuinely useful outcome, like protein folding perhaps.
Of course, ASCI White (or, even better, Japan's new super computer) could probably crack RC5-64 in a matter of hours.
According to D.Net's press release, the peak rate achieved by D.Net on this effort was equivalent to ~46,000 2GHZ Athlon XP's working in tandem. Can even ASCI White or Japan's supercomputer match this sort of processing power?
I'll admit that the RC5-64 project had very little practical use, but it was a heck of a proof-of-concept in terms of people's willingness to donate vast amounts of CPU time and the staggering amount of otherwise-wasted computing power that's out there and waiting to be utilized.
I'd stuck with D.Net over the years even as more useful distributed applications cropped up, out of some sort of loyalty since I'd already invested so much (CPU) time in it. Now, I think I'll pick a more "useful" application like protein folding or something to occupy my spare cycles...
OtakuBooty.com: Smart, funny, sexy nerds.
Seriously though, can anyone tell me what the attraction to the d.net project was? It seems like a colossal waste of cycles to me. Everyone knew it was going to be successful, it was just a matter of wasting enough time to eventually find the right block.
Now that it's over, what do we have to show for it? A whole lot of nothing it seems.