Slashdot Mirror


Crack the Code and Win a Million Bucks

JS_RIDDLER noted a Toronto Star article about a sort of contest to crack some encryption and win a million bucks. The article is a bit fluffy, but it gets the point across... we wasted all those RC5 keys ;)

12 of 276 comments

  1. Re:I read this and wonder about UNIX by mbyte · · Score: 5, Insightful

    Most modern unix systems can use 128bit MD5 or 160bit SHA1 hash algorithms (instead of the standard 56 bit unix-crypt) .. get a better unix and sleep well again :)

  2. Re:Brute force by void+warranty() · · Score: 2, Insightful

    Surely anything can be cracked if enough brute force is chucked at it.
    Not really. Trying to brute-force a message encrypted with a one-time pad will generate every possible message of the same length. You can't determine which of those messages is the true one.
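
Added example, not part of the original thread: a small Python sketch of the one-time-pad point made in the comment above. The messages, the pad bytes and the function names are constructed for illustration; the pad is fixed here only so the result is reproducible, whereas a real pad is random and used once.

```python
from itertools import product

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length, which is
    why a key search cannot single out the real message.
    """
    return xor(ciphertext, candidate)

def brute_force(ciphertext: bytes) -> set:
    """Decrypt under every possible pad and collect the distinct results."""
    n = len(ciphertext)
    return {xor(ciphertext, bytes(k)) for k in product(range(256), repeat=n)}

# Constructed sample data (12-byte message, 12-byte pad).
PAD = bytes.fromhex("5a13c7e09b2f4d8861f03c7e")
CIPHERTEXT = xor(b"MEET AT NOON", PAD)

def demo() -> None:
    # The real pad recovers the real message ...
    print(xor(CIPHERTEXT, PAD))
    # ... but another pad "recovers" a different, equally plausible one.
    decoy_pad = key_explaining(CIPHERTEXT, b"STAY AT HOME")
    print(decoy_pad.hex(), xor(CIPHERTEXT, decoy_pad))
    # Exhaustive search over a 2-byte prefix yields all 256**2 plaintexts,
    # each exactly once, so the search result carries no information.
    results = brute_force(CIPHERTEXT[:2])
    print(len(results), b"ME" in results, b"ST" in results)

if __name__ == "__main__":
    demo()
```
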

  3. Re:I read this and wonder about UNIX by k98sven · · Score: 2, Insightful

    They are using keys that sound big 168 bits, 256 bits, etc. But those aren't really that big, only 21 bytes and 32 bytes respectively. These sentences are longer than those keys.

    So?
    2^64 is a big number, about 18,000,000,000,000,000,000.

    Assume your computer can hash and test a billion passwords a second. It'll take you 584 years to test all combinations, a little less than three centuries on average.

    Even the worst users out there change their passwords more often than THAT.

  4. Re:Brute force by Sique · · Score: 5, Insightful

    In theory and given enough time, yes.

    But if you can chuck all electrons of the world on it (about 10^91) and every electron is swinging with 10^15Hz, and every swing allows you to do a Yes-No-decision, you have a number cruncher that can check about 10^106 bits a second. If your key is 1024 bits long, you can check about 10^103 keys every second. There are 2^1024 different 1024 bit keys out there (about 10^320), so you need about 10^217 seconds to exhaust the key space with brute force, if you have the whole universe working as a big computer for you. A year has a little more than 30 million seconds, so your world computer needs 10^209 years for the task, give or take about a factor of 100 maybe. 10^211 years, 10^207 years, what's the difference anyway? :) Our current universe is about 15 billion years old, so if you had 10^197 parallel universes, and you started at the Big Bang, you may be ready with brute force by now.

    Imagine that:

    100000000000000000000000000000000000000000000000 00 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000 universes!

    --
    .sig: Sique *sigh*
  5. Re:no DMCA in Canada by k98sven · · Score: 2, Insightful

    More importantly, this is not a copyright-protection device.

    Just because the DMCA is bad doesn't mean it's a ban on all reverse engineering.

    "Know your enemy" etc..

  6. Yawn by fruey · · Score: 5, Insightful

    This company is saying their encryption can't reasonably be brute forced with current computing, even if you got pretty much everyone on the internet (more than are currently running SETI) to start brute forcing the keys. It's harder than RSA encryption mathematics theory, on a key which is like 163 bits for the $20,000 prize, and to get a million you'd have to break the scheme for any bit length I imagine, not just the 224 bit key they mention earlier in the article.

    So, unless there is a quantum leap (how ironic that quantum computing would indeed be a quantum leap) this is not some kind of Distributed project. RC5 was fairly simple bruteforcing at the end of the day.

    The summary of the article is like so dumb I cannot believe it passes muster. And the million bucks are as likely to be awarded as a release of Duke Nukem Forever and Ever Amen. Nothing to see here, move along.

    --
    Conversion Rate Optimisation French / English consultant
  7. Re:I read this and wonder about UNIX by oz1cz · · Score: 4, Insightful
    An 8-character password using 92 possible characters leaves 736 possibilities, or just over 9 bits.

    No, my friend, it's not 92*8 but 92 to the 8th power (92**8, if you like). That's 5,132,188,731,375,616 which is a good deal more than 736.

  8. Re:RSA vs ECC by pheede · · Score: 2, Insightful

    I call an ignorant..

    RSA - and most public key systems - are extremely slow when compared to symmetric systems such as DES, AES etc.

    Sure, RSA is readily usable on desktops, but you don't need a very large key before even a simple encryption of a few kilobytes becomes an expensive operation.

    Besides, desktop computers are hardly the only environment in which encryption is used. Smart cards, which are often limited in both CPU and RAM, benefit hugely from ECC where the computing and memory overhead is much smaller. /pah

  9. The Fallacy of Cracking Contests by CognitiveFusion · · Score: 5, Insightful

    I wouldn't waste a CPU cycle on this contest.

    Bruce Schneier nailed the truth about cracking contests in a December 1998 article in his crypto-gram newsletter, "The Fallacy of Cracking Contests".

    Here is another article he published in November 1999, "Elliptic Curve Public-Key Cryptography".

    Interesting reading.

    --
    Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
  10. Business Proposal? by Xoder · · Score: 1, Insightful

    Don't you know? He's using the New Economy, Stupid school of venture capital. All you need to do is promise profits of 500,000%, and deliver some kind of promise, and you've got your VC

    --
    The previous sig has been removed due to /. protecting your best interests
  11. Key-size comparisons suck by Thuktun · · Score: 2, Insightful
    Quoth the article:
    The standard encryption level for online banking or purchases these days uses something called a secure socket layer, or SSL, which typically provides privacy between computer connections at 128 bits, an acceptable level. [...]

    A much smaller 224-bit ECC key offers the same level of encryption as 2048-bit key in the competing RSA format. In other words, a company would need 16 times stronger encryption to get the same level of protection that Certicom offers in the ECC format.
    This is comparing an apple and an orange and concluding something about a strawberry.

    When it comes to encryption keys, it's not the size, it's how you use it.
  12. this is nonsense, it proves nothing but being crap by bsdcow · · Score: 2, Insightful

    I am sorry to be against this topic but I do seriously urge any person competent not to participate in such a bullshit test. Asking people to "crack" something while offering cash doesn't mean it's secure (which is what is implied, which is insanely stupid for people that work in security and professionals involved in cryptography). It just proves that no one that cared to break it came over it to break it. Serious cryptographers ask people to present their work in a formalized scientific form. We have a HUGE history of crypto having been broken and like in science, we want people to present their work and show us they did study all previous breakings and that none apply to their work. This is annoying, yes, but it's like that in science. If it's done seriously and how people expect it to be, it will be considered seriously. No cryptographer will ever consider losing time in such a contest unless there is a serious implication for people or the public (like voting machines for example). We should bash this stupid announcement that implies that "if no one breaks it it means it's secure" because that's an insult to cryptography and those that work hard in shadow to have it work properly. This is really the kind of stuff that pisses me off :(