Crack the Code and Win a Million Bucks
JS_RIDDLER noted a Toronto Star article about a sort of contest to crack some encryption and win a million bucks. The article is a bit fluffy, but it gets the point across... we wasted all those RC5 keys ;)
... they should have left an option open for people finding holes in the ACTUAL implementation... Now only mathematicians stand a chance - go, go, go, you few good number theorists not employed by the NSA! =-= insert favorite conspiracy theory here =-=
it's really a one time pad. =)
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
The code is 42!
What ever happened to the DMCA? That $1M is going to dissolve rather quickly when said coder realizes he has a lot of legal fees to pay.
No reverse engineering and cracking, kids.
They are using keys that sound big 168 bits, 256 bits, etc. But those aren't really that big, only 21 bytes and 32 bytes respectively. These sentences are longer than those keys.
Then I note that UNIX limits passwords to 8 bytes. A measly 64 bits.
I don't think I can sleep well knowing that all that stands between my data and some hacker is such a small string.
I have been pwned because my
http://www.cs.uct.ac.za/courses/CS400W/NIS/papers00/mlesaoan/paper.html
'Internet! Is that thing still around?' - Homer Simpson
If it were easy, do you think you'd get 1 million for solving it? RSA gives a few thousand for RSA-1024+ but this is one million! Quite a difference...
Your keys are safe, assuming you don't use the same one as the test does.
The contest website doesn't mention a $1M prize, but from the "details" pdf, it looks like you can earn the $1M prize by solving 19 smaller problems, each with their own bounty. $30k for an "infeasible" problem seems a little low to me... I imagine the mob may pay more ;-)
From the pdf: The 109-bit Level I challenges are feasible using a very large network of computers. The 131-bit Level I challenges are expected to be infeasible against realistic software and hardware attacks, unless of course, a new algorithm for the ECDLP is discovered.
The Level II challenges are infeasible given today's computer technology and knowledge. The elliptic curves for these challenges meet the stringent security requirements imposed by existing and forthcoming ANSI banking standard
Challenge    Field size (bits)   Estimated machine days   Prize (US$)

Elliptic curves over F2^m

Exercises:
ECC2-79      79     352           Handbook of Applied Cryptography & Maple V software
ECC2-89      89     11278         Handbook of Applied Cryptography & Maple V software
ECC2K-95     97     8637          $5,000
ECC2-97      97     180448        $5,000

Level I challenges:
ECC2K-108    109    1.3 x 10^6    $10,000
ECC2-109     109    2.1 x 10^7    $10,000
ECC2K-130    131    2.7 x 10^9    $20,000
ECC2-131     131    6.6 x 10^10   $20,000

Level II challenges:
ECC2-163     163    6.2 x 10^15   $30,000
ECC2K-163    163    3.2 x 10^14   $30,000
ECC2-191     191    1.0 x 10^20   $40,000
ECC2-238     239    2.1 x 10^27   $50,000
ECC2K-238    239    9.2 x 10^25   $50,000
ECC2-353     359    1.3 x 10^45   $100,000
ECC2K-358    359    2.8 x 10^44   $100,000

Elliptic curves over Fp

Exercises:
ECCp-79      79     146           Handbook of Applied Cryptography & Maple V software
ECCp-89      89     4360          Handbook of Applied Cryptography & Maple V software
ECCp-97      97     71982         $5,000

Level I challenges:
ECCp-109     109    9.0 x 10^6    $10,000
ECCp-131     131    2.3 x 10^10   $20,000

Level II challenges:
ECCp-163     163    2.3 x 10^15   $30,000
ECCp-191     191    4.8 x 10^19   $40,000
ECCp-239     239    1.4 x 10^27   $50,000
ECCp-359     359    3.7 x 10^45   $100,000
HIV Crosses Species Barrier... into Muppets
...is that it uses much smaller keys with the same level of encryption. This makes it useful for handhelds and phones, and network devices. If you've never heard of this before, chances are you're already using it, too, as this is prevalent already in many of the aforementioned devices.
libertarianswag.com
Anyone with the capability to solve the math required to break the encryption might do a lot better than one million dollars.
If they were malicious, all they'd have to do was wait a year or so until the encryption was incorporated into mission-critical applications and then use their knowledge to gain access to those applications. Something tells me that THAT would be worth a lot more than the cool million they are currently offering.
A million dollars??
Let's get started! Where's that link to Cryptonomicon?
that runs factoring software on a supercomp for
a month win?
It's a Canadian company, there is no DMCA in Canada...
From the guru Bruce Schneier, Fallacy of cracking contests
Free XBox, PS2
Surely anything can be cracked if enough brute force is chucked at it.
Not really. Trying to brute-force a message encrypted with a one-time pad will generate every possible message of the same length. You can't determine which of those messages is the true one.
Agree or disagree, I usually at least understand Slashdot editorial comments. But I don't get "we wasted all those RC5 keys". You mean we cracked them when they could have been used? I hope not. You mean we cracked them without the promise of 1 meelion dollar bills? Ok, greedy, but I'm with you.
Seriously, how do you waste a key?
-madgeorge
If some genius did crack it, then I'd imagine an auction for exclusive license to the crack would be worth a lot more than 1 million dollars.
But how could you guarantee to the winner that they'd be the only one with the solution? (without dying, of course.)
One time pads are uncrackable if employed correctly. But this thing surely should be vulnerable given enough time.
Free as in mason.
Quite an accomplishment, considering the NSA wasn't founded until 1952.
I think the company who came up with (or rather markets) ECC [elliptic curve cryptography] should be careful about saying that ECC is more secure than RSA. RSA has stood up to A LOT of cryptanalysis, simply because of its age. ECC might have bad keys or something else we don't know about simply because we have not had time to try all attacks yet. Who knows, tomorrow someone may find a trivial algorithm for taking the discrete logarithm on an EC (rendering ECC useless). Then again, someone may find a way of doing a simple discrete logarithm (rendering RSA useless). Both are highly unlikely, but hey -- stranger things have happened.
Basically, take a company's claim with a grain of salt. Right now I'll keep my data encrypted with something more tested (3DES anyone?).
My other car is first.
Technically true. The question is if you'll finish searching the entire keyspace before the universe blows up.
It was estimated that in 1993, you could take $1 million and build a special-purpose computer and break any 56-bit DES key in three hours. Given Moore's Law, you could probably get a few of your friends today w/GHz-class systems and break it in a few days. However, as the bit size increases, the keyspace grows exponentially. We'd need some fundamental advances in computers to brute-force a 160-bit key before all the stars become black holes.
Not a typewriter
the 1 mil is in Canadian dollars.
The problem with ECC is that the "hard problem" on which its security relies is based on some non-trivial mathematics which, until recently, no-one's really been interested in. Contrast this with RSA, which is based on a comparatively easy-to-understand problem (factoring a product of two primes) which has been known about for centuries.
What this means is, it's possible (very unlikely, but possible) that the conjecture that the elliptic curve logarithm problem is very hard to solve might be proved wrong tomorrow. That is much less of a risk with RSA (although see under quantum computing, if you go in for that sort of thing).
Last time I checked, the best "brute force" algorithm to attack ECC was the Pollard rho method. Is that still true?
These sigs are more interesting tha
One million dollars split between 500,000 people is what??? TWO DOLLARS!!! Well, at least we'll be able to pay that annoying paper boy...
I was slightly worried that this would be what Bruce Schneier calls "doghouse crypto" -- if you use it, you belong in the doghouse. The kind of companies that sell doghouse crypto usually don't say what algorithm they use, they usually use a "proprietary" (non-critically-reviewed) algorithm, and they usually don't have nearly enough knowledge to do a good review themselves. Fortunately, it's ECC, which is well known and well reviewed.
Elliptic Curve Cryptography is, like RSA and Unix crypt, believed to be hard because it looks like a one-way door: It is easy to go in one direction, but unless you have exactly the right data (or an obscene amount of time), impossible to go in the other direction.
Classic Unix crypt is limited by its key size to 56 bits, which makes it practical for a dedicated attack to break. RSA is limited by its structure to use keys that are related to large prime numbers; prime numbers are relatively rare. ECC shares neither of those limitations, so you get a lot more bang from your bits.
and we'd most certainly be happy to consider them for a lifetime position
;-)
What position are the lawyers thinking about after the break the encryption?
This SIG pulled due to lack of funding. (This damn war is costing too much!)
Apart from the one-time pad issue that another poster mentioned you have missed the fact that it doesn't matter if something can be broken "in time" as long as that time (and cost) is vastly greater than the value of breaking it. Assuming a non-brute-force method for solving ECC is not found then it may take a million computers 100 million years to crack the 224 bit version. This in all practicality is unbreakable even if you factor in advances in computer technology.
Ooh, I wonder where you heard that. At http://banyan.cs.uiuc.edu/~ambarish/acads/IIT-Madras/cs650/EllipticCurveCryptography/comparison.html maybe?
In theory and given enough time, yes.
:) Our current universe is about 15 billion years old, so if you had 10^197 parallel universes, and you started at the Big Bang, you may be ready with brute force by now.
0 00 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000 universes!
But if you can chuck all electrons of the world on it (about 10^91) and every electron is swinging with 10^15 Hz, and every swing allows you to do a Yes-No decision, you have a number cruncher that can check about 10^106 bits a second. If your key is 1024 bits long, you can check about 10^103 keys every second. There are 2^1024 different 1024-bit keys out there (about 10^320), so you need about 10^217 seconds to exhaust the key space with brute force, if you have the whole universe working as a big computer for you. A year has a little more than 30 million seconds, so your world computer needs 10^209 years for the task, give or take about a factor of 100 maybe. 10^211 years, 10^207 years, what's the difference anyway?
Imagine that:
10000000000000000000000000000000000000000000000
Informative and Insightful posts like this one, that actually add to your knowledge rather than just quoting something that you might agree with are not that common!
Wikileaks, no DNS
Admittedly it might take years but it should break in time, or have I missed something fundamental?
;)
No. It's just that you know you're in trouble when people use "age of the universe" as a unit of measurement. It'll break, it's just that it'll take so long that when you (or rather your far distant descendants) crack it, there probably won't be a great deal of point in knowing it
This company is saying their encryption can't reasonably be brute forced with current computing, even if you got pretty much everyone on the internet (more than are currently running SETI) to start brute forcing the keys. It's harder than RSA encryption mathematics theory, on a key which is like 163 bits for the $20,000 prize, and to get a million you'd have to break the scheme for any bit length I imagine, not just the 224 bit key they mention earlier in the article.
So, unless there is a quantum leap (how ironic that quantum computing would indeed be a quantum leap) this is not some kind of Distributed project. RC5 was fairly simple bruteforcing at the end of the day.
The summary of the article is like so dumb I cannot believe it passes muster. And the million bucks are as likely to be awarded as a release of Duke Nukem Forever and Ever Amen. Nothing to see here, move along.
Conversion Rate Optimisation French / English consultant
It's a trick.
Mathwiz: "Hello? I think I may have cracked your encryption".
NSA: "Great. Just stay where you are and we'll be over with your money in a second".
[40 seconds later]
Police: "Drop your weapon and step outside!"
Mathwiz: "But I'm unarmed!! Dude!"
Police: "I said DROP YOUR WEAPON".
[BLAM!]
Firstly, as mentioned, the DMCA does not apply to Canada.
Secondly, the DMCA does not apply to mechanisms not used to protect copyrighted data.
Thirdly, the DMCA does not apply if you've been invited to try to break an encryption mechanism.
There's a general uneasiness in much of the cryptographic community regarding ECC that comes from the thought that with a new and elegant cryptographic algorithm or methodology there is often a new and elegant attack that renders it worthless in practical applications. As I'm sure you realize (but others may not) the ability of a methodology to withstand conventional attacks is no indicator of long-term viability; algorithms may only be proven unsafe, not safe (except perhaps for one-time pads under certain circumstances).
I happen to hold out hope for this technique, but it takes time in the field for confidence to be built. This contest may help, but by no means is it absolute proof of the security of the technique (although one would be hard pressed to make a million dollars hoarding a working attack on ECC to themselves).
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
You could always give it to charity, it sure seems a little more feasible than looking for spacemen IMHO.
Anyone (outside patent encumbered countries) working on a Free implementation? It should be okay in the EU, for "allowing interoperability with existing products".
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
That you know of. But things may be different for the NSA. Aren't they the largest employer of mathematicians in the world? I wonder why...
...to crack it, but as of how long it will take them. Information that is worth a lot today may be worthless tomorrow, and by next week it'll be history. So the question isn't about making a perfect encoding (we already have one, namely 'one time pads'), but finding the best encoding for the application. Also bear in mind the rule of thumb that states that the tougher the code, the more difficult (think CPU cycles and battery drain) it is to encode it in the first place. Of course, just how strong is strong enough will change as the tools for encryption, decryption and codebreaking get stronger.
Remember folks, an encrypted message doesn't have to be unbreakable, it just has to be hard enough to break. One rule of thumb is that it should cost more to break than the one breaking it will earn on doing so.
Besides, one can learn a lot about what's going on even if you can break the code. Where does the signal originate? Where is it heading? Does it occur on a frequent basis? What is the matter of transmitting? The more you learn about the message, the more you learn about the reason it's being sent - even if you don't know what it says. THEN you can often start using social engineering to gain access to the key, or better yet, to the unencrypted message.
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
If any of you is seriously considering going at this, I recommend the well known Applied Cryptography
Slashdot has reviewed this before.
Free XBox, PS2
Impressive, your entire paragraphs were, word for word, copied from here
Alert, Karma whore. The only thing he changed was "You may have heard arguments" to " I often hear".
You often plagerize?
This is not entirely correct. Elliptic curve cryptography (spelled this way) is based on elliptic groups where by definition there is always an inverse so you can always "go back". Getting this inverse is considered to be hard - but this is not proven yet.
In fact for the related parabolic and hyperbolic groups, there are fast algorithms for calculating an inverse. So I personally doubt that elliptic groups are safe. Furthermore it's relatively unclear why the researchers cling to the elliptic setting - using the Picard groups of quartics or sextics might prove much more fruitful.
Owner of a Mensa membership card.
I went over to their website and perused around... Seems they did the security to XM Radio (http://www.certicom.com/download/aid-78/success_XMRadio.pdf), which humors me because XM Radio was hacked about 2 months after it went live... All you need is a part from an old Dish Network receiver and a soldering iron.
The article mentions that Certicom "has spent the better part of 18 years securing more than 130 ECC-related patents around the world." Yes, ECC is computationally cheaper to reach the same security level, but is it worth opening such a hornet's nest?
Currently there is a project underway to crack ECC2-109. This is 'just' a $10.000 project though (half goes to the project leads and half to the two winners). There will be two winners because the trick is to find two related points which mathematicians can use to calculate the answer (Frankly, I don't even understand how exactly, see the forum for details).
Anyway, there are different clients available if you want to participate. I would suggest this client and this GUI. The project is moving to the end fairly rapidly, so you can help make the final push.
The Drowned and the Saved - Primo Levi
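The Pollard rho method asked about earlier in the thread, and the "two related points" the comment above mentions, can be watched on a toy curve. This is an added example, not part of the original thread and not the project's client: the curve, base point and secret are constructed, a single Floyd cycle-finding walk stands in for a distributed search, and the point order is found by enumeration, which is only possible at this size.

```python
import math
import random

# Constructed toy parameters (NOT a Certicom challenge curve):
# E: y^2 = x^3 + A*x + B over F_p, with base point P_BASE on E.
P_MOD = 10007
A, B = 2, 16
P_BASE = (3, 7)        # 7^2 = 49 = 3^3 + 2*3 + 16
INF = None             # point at infinity
SECRET = 4242          # constructed private key the attack must recover


def add(p1, p2):
    """Affine point addition, covering infinity, doubling and inverses."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def point_order(pt):
    """Order of pt by enumeration; feasible only because the curve is tiny."""
    n, acc = 1, pt
    while acc is not INF:
        acc = add(acc, pt)
        n += 1
    return n


def pollard_rho(P, Q, n, rng):
    """Find k with k*P == Q, where n is the order of P. Returns (k, steps)."""
    def step(X, a, b):
        # Invariant: X == a*P + b*Q. The branch depends on X only, so the
        # walk is a fixed function on points and must eventually cycle.
        part = 0 if X is INF else X[0] % 3
        if part == 0:
            return add(X, P), (a + 1) % n, b
        if part == 1:
            return add(X, X), (2 * a) % n, (2 * b) % n
        return add(X, Q), a, (b + 1) % n

    while True:
        a0, b0 = rng.randrange(n), rng.randrange(n)
        tort = hare = (add(mul(a0, P), mul(b0, Q)), a0, b0)
        steps = 0
        while True:
            tort = step(*tort)
            hare = step(*step(*hare))
            steps += 1
            if tort[0] == hare[0]:
                break
        # Same point reached two ways: a_t + b_t*k == a_h + b_h*k (mod n),
        # so (b_h - b_t)*k == a_t - a_h (mod n).
        d = (hare[2] - tort[2]) % n
        r = (tort[1] - hare[1]) % n
        if d == 0:
            continue                    # useless collision, restart the walk
        g = math.gcd(d, n)              # n need not be prime on a toy curve
        m = n // g
        k0 = (r // g) * pow(d // g, -1, m) % m
        for i in range(g):              # g candidates; exactly one is right
            k = k0 + i * m
            if mul(k, P) == Q:
                return k, steps


def demo(seed=1):
    n = point_order(P_BASE)
    Q = mul(SECRET, P_BASE)             # the "public key"
    k, steps = pollard_rho(P_BASE, Q, n, random.Random(seed))
    return n, k, steps


if __name__ == "__main__":
    n, k, steps = demo()
    print(f"order n = {n}, recovered k = {k}, Floyd iterations = {steps}")
```

The iteration count grows roughly with the square root of the point order, which is why each extra pair of bits in the challenge table multiplies the estimated machine days by about two.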
There are exceptions, but they are few and far between. The RSA challenges, both their factoring challenges and their symmetric brute-force challenges, are fair and good contests. These contests are successful not because the prize money is an incentive to factor numbers or build brute-force cracking machines, but because researchers are already interested in factoring and brute-force cracking. The contests simply provide a spotlight for what was already an interesting endeavor.
In this case, finding clever ways to factor ECCs is actually a number-theoretically interesting thing to do.
Oops, I forgot to mention that there is a linux client & GUI available too.
Happy cracking.
The Drowned and the Saved - Primo Levi
+1 Insightful or -1 Mad Scientist, that's the question... :-)
Beware: In C++, your friends can see your privates!
... i hope they realise ECC is based upon multiplication instead of exponentiation of large primes (i.e. RSA)... which means generating test keys for breaking ECC is MUCH cheaper than doing it for RSA !!!
I'd rather win a million legally.
I don't think cellmate Bubba would be interested in that particular crack.
Is it in the Cheerios? I like Cheerios
In the grand tradition of "It came over the wire service", Slashdot posts an article about a contest that has been going on since 1997. IIRC, I bookmarked http://www.certicom.com/research/ch2.html last January (I'm not sure because I have changed computers since then). It's been long enough that Certicom has changed their website too.
ECC is interesting, although I am not 100% sure that it is as relatively strong as Certicom claims. Elliptic curves are similar to the discrete log method, which can be shown to be approximately as strong as RSA (factoring). I am not an expert in Elliptic curves, so I can't speak as to whether there are any 'shortcuts' which would reduce the problem to a discrete log one, but if so, then the ECC would be no stronger than RSA. Elliptic curves, by the way, are the same branch of mathematics which brought us the proof of Fermat's last theorem.
The article says that it's based on a mathematical formula, surely it can be broken
Give this man a gold star and a job at the NSA. Where'd you get your Ph.D at buddy, your intimate knowledge of mathematics is both impressive and intimidating!
As has been pointed out, demonstrably crackable encryption is OK for data with an expiry date. Credit card numbers, for instance, are usually only good for 3 years or so -- you get a new number with the new card.
Still, I worry about any closed-source encryption technology. Imagine somebody coming up to you and saying in a cheesy mexican accent: "Hey, extranjero! You want to send top-secret message? No problemo, Amigo! I know secret code, so secret only me and my brother know it. You give me message, si, you dictate, one words at a time. I write it down in secrets codes and send it to my brothers. He only one in whole wides worlds who understand it. But my brother, he take it to your amigo, si, and he tell the message one word a times. Is very good. Top-secret. Only me and my brothers knows the code."
Je fume. Tu fumes. Nous fûmes!
Actually all I'm trying to do is crack the encryption on this nude Britney Spears pic. Thanks for tipping everyone off. - God
Track your TV Shows with your iPhone - FREE
I thought mad scientist a positive modifier.
Give me Classic Slashdot or give me death!
So get ready to hit the pause button, and have pencil and paper ready.
Now imagine if they put out bounties for distributed projects that found cures for cancer, AIDS, the common cold, Alzheimer's, M.S., and thousands of other diseases. Philanthropy can only take you so far; use the "greedy" free market to drive progress even further!
I wouldn't waste a CPU cycle on this contest.
Bruce Schneier nailed the truth about cracking contests in a December 1998 article in his crypto-gram newsletter, "The Fallacy of Cracking Contests".
Here is another article he published in November 1999, "Elliptic Curve Public-Key Cryptography".
Interesting reading.
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
Sorry for the duplicate links :)
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
We have a better offer: crack the code, and get all your stuff confiscated.
My Palm VII wireless internet PDA that I bought back in 1998 (I think) advertised elliptic curve encryption. It was the first I had ever heard of it, but at the time I didn't know much about encryption at all. The box explained roughly how it worked which was a nice bonus for a 500 dollar geek toy that outlived its usefulness in just a couple years.
The Palm VII used cell band to communicate with the tower, which makes me think that this type of encryption is probably typical for any type of digital cellular service. This being said it seems rather amazing that NSA would have the means to intercept and decode communications encrypted in this manner as I have heard they do from multiple sources.
Is it realistic to believe that ANYONE (even the NSA) could crack such high level encryption?
Grrrrr... don't bother me, I'm thinking.
...it's just pretty decent explanatory journalism.
People in the tech community tend to forget that mainstream media is intended for a mainstream audience, and not people with deep technical knowledge. I think the article did a good job of putting the issue in context for those readers who might not be familiar with the concepts of encryption and coding.
But is it $1 million Canadian? Then that is only about $500,000 US. Now it's not worth that much effort. Minus taxes, plus you can't take more than $10000 across the border, time to set up a Swiss account.
Quantum computing kills both equally, the same algorithms that get RSA and discrete log can get the elliptic curve discrete log.
Test your net with Netalyzr
It's "plagiarise", you monkey
-
Heh that's of course assuming you don't get it on your first try. :D
If you do, what do you do with all those parallel universes? Heh.
- shazow
Don't you know? He's using the New Economy, Stupid school of venture capital. All you need to do is promise profits of 500,000%, and deliver some kind of promise, and you've got your VC
The previous sig has been removed due to
Mercury Rising
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
IANAQP (I Am Not A Quantum Physicist), but as far as I understand, that's more or less what a quantum computer does: suppose a message is encrypted using a 256-bit key, the quantum computer tries to decrypt the message in 2^256 parallel universes simultaneously, each using a different key, and returns the key which yielded the required result, in the same time a normal sequential computer would require to try just 1 possible key.
Probably a gross simplification though.
Wouldn't a distributed project to find all the primes up to 308 digits be interesting? How many prime numbers can there be?
i can't get rid of the feeling that security
... people getting this "service" will
:) but i didn't tell.
isn't quit the saviour everybody is hoping for.
security (will) just give rise to more and
more ARBITRARINESS!
encrypting/securing utter useless chatter/data
is
just get more arrogant. they're dumb in the first
place and actually encouraging their stupidity
is def. going to back-fire. security shouldn't
be a service you can buy but something you
yourself should be aware of ALL THE TIME!
security/encryption is an issue if you're a lazy
corporate that doesn't want to invest but
just use public infrastructure (power-lines
anyone?). just cash in but actually doing
nothing.
security is an issue if you're at war or the world
has gone mad (soon in theaters near you).
anyway i cracked it
methinks getting my theory confirmed (useless
chatter/data) by actually "breaking in" is 1000
times more comforting than cashing in on a
million.
ethics are more important than money. you tend
to live longer!
But I won't take credit. For a measly hundred grand I'll tell how I did it :)
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
It seems that these two acronyms, which are very different in meaning, are likely to show up in the context of computer-related discussions:
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Applied Cryptography doesn't have ECC
You keep right on developing that uncrackable ECC stuff. Heh. Nothing to worry about as long as no one claims the mil, right?
Of course this is all a joke. No-one has cracked anything. Posting this as an Anonymous Coward for obvious reasons. What's that dear? Champagne bath is ready? I'll be right there. Just let me hit 'Submit'...
Sooo what they are saying is generate a i state inside of a strange attractor, emulate the same probability trees, and a little algebra and you can reverse engineer this
Maybe you can get your crazy grandma to figure out this challenge, you know the one that dropped acid and hijacked a schoolbus full of penguins
Firstly, as mentioned, the DMCA does not apply to Canada.
But may apply to Americans taking part in the challenge.
Secondly, the DMCA does not apply to mechanisms not used to protect copyrighted data.
I understood from the article that they are already using this method to encrypt data like faxes, and that anything fixed in a medium automatically gets an implied copyright by the Berne Convention.
Thirdly, the DMCA does not apply if you've been invited to try to break an encryption mechanism.
Did we forget about the SDMI Challenge (April 21st, 2001)? I felt the chill.
Anyway, a failure to meet this challenge only says that you need to spend more than "one meellion dollars" to break the encryption. That doesn't make me feel too secure.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
It was the predecessor of NSA, the pockets of intelligence (TICOM, ASA, AFSA) which were to be transformed into the NSA at a later time.
But very little has actually changed. For instance, in 1945 the U.S. Army intelligence spied on the United Nations conference in San Francisco (the reason why it was held in the USA was to better spy on the other countries). You need not search that far in history (few years) to find out similar things from New York.
better dust off the old Captain Crunch decoder ring...
RSA is free of patents!
I didn't use the preview button, so get over it!!!!
Mike
If you run a brute-force search on it, you'll see that it is really part of a paper I wrote last year.
I demand that they pay for the copyright violation.
If you use another key, you'll see that it also includes SCO's source code.
Irene KHAAAAAAN!
It's shameful how much they brag about their patent portfolio. The RSA and Diffie-Hellman patents presented a very real impediment to the uptake of public key cryptography until very recently, when the patents finally started expiring.
And why don't we have digital cash? Well, social problems primarily, but it doesn't help that David Chaum and Stefan Brands, after developing *phenomenally* cool techniques for preserving privacy in electronic cash, carpeted the whole area with patents.
So, thanks for setting up yet another tollbooth to an empty amusement park, Certicom. You've lowered the bar for all of us.
--Just the place for a snark!
Did we forget about the SDMI Challenge (April 21st, 2001)? I felt the chill.
Sigh. Always with the SDMI.
You'll always get some idiot trying to apply an inappropriate law. They backed down when they realised they didn't have the slightest hope of success.
You sir are a sick and disgusting fuck. And I eat my own poop so that means a lot coming from me.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
Redundancy is hard to spot sometimes.
Wikileaks, no DNS
This is comparing an apple and an orange and concluding something about a strawberry.
When it comes to encryption keys, it's not the size, it's how you use it.
IT'S CANADIAN!
That's like, what, US$25?
Go to goodwill and pick up a bunch of monopoly sets for that price and save yourself the trouble!
I am sorry to be against this topic but I do seriously urge any competent person not to participate in such a bullshit test. Asking people to "crack" something while offering cash doesn't mean it's secure (which is what is implied, which is insanely stupid for people that work in security and professionals involved in cryptography). It just proves that no one that cared to break it came over it to break it. Serious cryptographers ask people to present their work in a formalized scientific form. We have a HUGE history of crypto having been broken and like in science, we want people to present their work and show us they did study all previous breaks and that none apply to their work. This is annoying, yes, but it's like that in science. If it's done seriously and how people expect it to be, it will be considered seriously. No cryptographer will ever consider losing time in such a contest unless there is a serious implication for people or the public (like voting machines for example).
We should bash this stupid announcement that implies that "if no one breaks it it means it's secure" because that's an insult to cryptography and those that work hard in shadow to have it work properly.
This is really the kind of stuff that pisses me off :(
That paper looks like it was written by a high-schooler.
Its (your?) presentation of the attacks against ECC and RSA is terrible, especially failing to expose the number field sieve properly. If it is really too complicated, they could at least present the Quadratic Field Sieve, and if they don't want to touch number theory at all, they should at least avoid presenting brute force most thoroughly.
The paper claims that prime-checking algorithms are terribly slow and that probabilistic prime checks are slow and unreliable, which is false (once the probability of accepting a non-prime is less than that of someone guessing your key, it doesn't matter anymore; encryption is thus inherently probabilistic).
It claims that RSA keys are longer and that there are more attacks against them, which is true: they are longer precisely because there are more attacks against them. These should not both be seen as detractors against the algorithm.
It claims that RSA keys are slow to encrypt and decrypt, which is false; they are fast enough not to be noticed on anything but a busy server or a smart card. In fact, one of my classmates just did a project on embedded RSA vs ECC cryptosystems in remote sensors, and found that RSA works faster at equivalent strengths without heavily customized hardware, and ECC is only useful because the transmissions are expensive (ie power-hungry). The comment that exponentiation is expensive because you have to do an enormous number of multiplies, and that optimizations only slightly reduce the load is total BS.
While ECC is probably better than RSA for many purposes, it is not so much better as the paper you cite makes it out to be.
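The two technical points in the comment above (a probabilistic primality test can be pushed below key-guessing odds, and modular exponentiation costs at most two multiplies per exponent bit), as an added example that is not part of the original thread. The function names are hypothetical, and the 4^-k figure is the standard worst-case Miller-Rabin bound for k random rounds.

```python
import random

def modexp_counted(base, exp, mod):
    """Left-to-right square-and-multiply; returns (result, modular multiplications)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod      # one squaring per exponent bit
        mults += 1
        if bit == "1":
            result = result * base % mod    # one extra multiply per set bit
            mults += 1
    return result, mults

def rounds_for(security_bits):
    """Rounds k such that the worst-case error 4**-k is <= 2**-security_bits."""
    return (security_bits + 1) // 2

def is_probable_prime(n, security_bits=128, rng=None):
    """Miller-Rabin; a composite survives one random round with probability <= 1/4."""
    rng = rng or random.Random()
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):          # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:                       # write n - 1 as d * 2**s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds_for(security_bits)):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                    # a is a witness: n is certainly composite
    return True

if __name__ == "__main__":
    m127 = 2**127 - 1                       # constructed sample input: a known Mersenne prime
    print("rounds for 2^-128 error:", rounds_for(128))
    print("M127 probable prime:", is_probable_prime(m127))
    print("multiplies for a 1024-bit all-ones exponent:",
          modexp_counted(3, 2**1024 - 1, m127)[1])
```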
That ring is an access control to Capn Crunch's copyrighted Intellectual Property. You'd better explain how you came by it, DOWN AT TEH STATION. Say goodbye to your family!
With that reward money, I could afford this life-sized chocolate God, filled with an infinite number of smarties.
Of course, a quantum leap is a very small leap.
The reason for the saying is that it is a leap, with no intermediate stage. There is a before, and an after. Compared to say an object going from warm to cold - there's always intermediate stages, no matter how quickly the object is cooled.
That's why quantum computing is a quantum leap - because there's no intermediate stages between that and electronic computing. There's a before, and an after.
Kjella
Live today, because you never know what tomorrow brings
No. It's just that you know you're in trouble when people use "age of the universe" as a unit of measurement. It'll break, it's just that it'll take so long that when you (or rather your far distant descendants) crack it, there probably won't be a great deal of point in knowing it.
At that point, it's simpler to use the Caveman attack:
Walk over, beat subject about the cranium with a stout cudgel, and take the subject's computer containing the keys.
Apparently it is
President Bush to Liberate Alaska
Why the hell do people talk about 1024 *asymmetric* crypto keys as if they were symmetric?
A 1024 bit symmetric key has 2^1024 possibilities. Which is excessive, 128 is common, 256 bit is probably safe for all future.
A 1024 bit asymmetric key depends entirely on the algorithm, but has typically nowhere near 2^1024 possibilities. RSA 5-700 bit challenges have been broken. Based on that, 1024 bit RSA is about as difficult as breaking a 128 bit symmetric key. So a factor of about 8:1.
The ECC algorithm is much tighter, but as far as I know not 1:1. That is, it's stronger than an equivalent length RSA key, but weaker than an equivalent symmetric key.
Kjella
Live today, because you never know what tomorrow brings
I've got more chance of cracking an egg.....I think.
I've always called that the "unrefined brute force" method ;)
It's quite easy to create a code that no one can crack. I've done it myself, and it was posted here at Slashdot a couple of years ago. No one even came close to solving it. However, although very little math was used, it was practically unusable :-)
Here's a cipher contest for mere mortals. It's been going on since mid-December. The prize is a tin of penguin mints and a boost to your self-respect. And anyone with a decent knowledge of basic cryptography should be able to crack it.
I don't really understand why anyone uses RSA ever. For both signing and encryption there are Rabin variants faster than RSA provably as hard as factoring (and thus definitely at least as secure as RSA if not more so).
And yes, this is a "fair" contest. I'm glad that Slashdoteers have got the message that cracking contests are generally bullshit, but this is one of the exceptions - this prize genuinely fosters research rather than trying to take its place.
Xenu loves you!
Getting this inverse is considered to be hard - but this is not proven yet.
Nobody has proven you can't have an efficient algorithm for factoring large prime numbers, either. Though in that case, people have been trying to solve the problem for centuries, and the added incentive of breaking RSA hasn't produced a breakthrough, either.
Not a typewriter
Those aliens don't come cheap though.
But $1 Million donated to, say, FSF or EFF can go a long way towards helping more than 500,000 people.
Important info:
http://www.lifeaftertheoilcrash.net
http://dieoff.org/synopsis.htm
http://www.peakoil.net
How long did it take to create the code, and with what technology? Maybe no more than a few years, and with today's technology and older. Humans are flawed, and therefore this code will be imperfect. Find the human flaw in creating it, and you have your key. There are a very limited number of ways in which the code could have been chosen. Much less than one billion ways. Why waste time checking every single possibility when you can generalize human flaws and guess the code quite easily? These people are not God's, and they are working with very limited technology. The code can be cracked, and so it shall.
Dollar Highway Financial News
But the more general problem is crackable also. The EFF DES cracker machine from 1998 is probably still gathering dust in John Gilmore's basement. They built it to demonstrate how irresponsibly inadequate the government's crypto export strength rules were. It took about 2-3 days for the average DES crack, and so did the distributed.net Internet cracker effort at the time. The Unix password algorithm cranks a modified DES about 25 times, so it's proportionally slower, and you can't use the same ASICs (that's deliberate), but if you wanted to build cracker hardware with FPGAs it wouldn't be too hard, or ASICs if you really want to target Unix passwords. Moore's law means that if you can talk the same number of people into running your password-cracking screensaver, you can go about 10 times as fast as in 1998, and an ASIC version would probably have a similar speedup.
Remember that there are somewhere around 100,000 - 1 million virus-infected PCs 0wned by spammers out there - if they wanted to run CPU-burners for some reason, they could, and symmetric crypto is a great match for massive parallelism with low communication rates.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
In particular, short keys make it natural to pass around the actual key, instead of some KeyID record like PGP does with RSA keys, which not only reduces the chances of Bad Things happening in your protocols, but also means you're much less dependent on keyservers; you can print the key on your business card, or include it in hex in your email signature line (see James Donald's Crypto Kong program for a nice example.)
The risk with ECC isn't brute force crackers (so the contest is mostly silly.) It's theoretical math breakthroughs - precisely because we haven't had the same depth of math concentration on ECC that we've had on factoring in the last 20 years.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
No, it doesn't make sense, which suggests that the author either doesn't get it at all or else got confused during a cut&paste. (For instance, there's a table on Certicom's site that says the key length difference is 1:6 for 163-bit ECC vs equivalent 1024-bit RSA...)
Anyway, if you need adequately-strong keys, that's typically 224 bits for ECC vs. 2048 bits for RSA, and there are applications where it's easy to fit 224 bits and annoying to use 2048, such as DNS security or smart cards or email signatures. If your threat model is more relaxed, you might get away with 163-bit ECC or 1024-bit RSA, but you've got more risk that somebody's going to do interesting theoretical attacks on ECC and erode a few bits from the strength. For symmetric-key applications, you'd typically use 128-bit strength (or triple-DES at 112 bit strength, either with 2 or 3 keys.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Stupid Yankee....
Your opinions fascinate me, and I'd like to subscribe to your newsletter.
>>These people are not God's
Are you saying that they're with the other side?
Yeah, I was getting tired of that paperboy following me down those ski slopes and recreating Hitchcock-esque scenes when I tried to get into my car.
It's the 'Code that can't be cracked'....just like the Titanic, the ship that couldn't sink. Aside from the fact that making statements which you can't entirely back up with scientific proof, saying something is impervious is invoking fate's rights to Murphy's law....
--<Mike>--
I have been wanting someone to try to crack my encryption scheme.
Calling atheism and agnosticism a religion is like calling bald a hair color.
Maybe they're with the Brute Force.
But I believe that a 168 bit key in an elliptic curve cryptosystem is roughly equivalent to a 1000 bit key in something like RSA.
And a 1000 bit prime number is no laughing matter, computationally. I believe there are something like 10^97 1000 bit prime numbers predicted by the prime number theorem. Considering there are something like 2^60 seconds predicted since the big bang, it seems like a pretty safe key length. Assuming, of course that it is hard to calculate a discrete log over an elliptic curve, which I believe is what the contest is all about.
nothing is impossible
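The ECC-versus-RSA key-length comparisons made in several posts above can be reproduced roughly from the best known generic attacks; this is an added example, not part of the original thread. It assumes the heuristic GNFS cost formula with its o(1) term dropped and the expected Pollard rho operation count, so the absolute numbers are coarse and only the relative ordering is meaningful; the function names are hypothetical.

```python
import math

def gnfs_bits(modulus_bits):
    """log2 of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] (o(1) term dropped)."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work_ln = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)

def rho_bits(order_bits):
    """log2 of the expected Pollard rho group operations, sqrt(pi*n/4), n ~ 2**order_bits."""
    return 0.5 * (order_bits + math.log2(math.pi / 4))

def rsa_bits_matching(work_bits, step=8):
    """Smallest RSA modulus size (multiple of `step`) whose estimate reaches work_bits."""
    size = 512
    while gnfs_bits(size) < work_bits:
        size += step
    return size

def comparison(ecc_sizes=(163, 168, 224), rsa_sizes=(1024, 2048)):
    """Rows of (label, estimated log2 work) for the key sizes quoted in the thread."""
    rows = [(f"ECC-{b}", round(rho_bits(b), 1)) for b in ecc_sizes]
    rows += [(f"RSA-{b}", round(gnfs_bits(b), 1)) for b in rsa_sizes]
    return sorted(rows, key=lambda row: row[1])

if __name__ == "__main__":
    for label, bits in comparison():
        print(f"{label:9s} ~2^{bits} operations")
    print("RSA modulus bits matching ECC-163:", rsa_bits_matching(rho_bits(163)))
    print("RSA modulus bits matching ECC-224:", rsa_bits_matching(rho_bits(224)))
```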