Crack the Code and Win a Million Bucks

JS_RIDDLER noted a Toronto Star article about a sort of contest to crack some encryption and win a million bucks. The article is a bit fluffy, but it getst the point across... we wasted all those RC5 keys ;)

Re:I read this and wonder about UNIX

[mbyte]

Most modern unix system can use 128bit MD5 or 160bit SHA1 hash algorithms (instead of the standard 56 bit unix-crypt) .. get a better unix and sleep well again :)

Re:Brute force

[Sique]

In theory and given enough time, yes.

But if you can chuck all electrons of the world on it (about 10^91) and every electron is swinging with 10^15Hz, and every swing allows you to do a Yes-No-decision, you have a number cruncher that can check about 10^106 bits a second. If your key is 1024 bits long, you can check about 10^103 keys every second. There are 2^1024 different 1024 bit keys out there (about 10^320), so you need about 10^217 seconds to exhaust the key space with brute force, if you have the whole universe working as a big computer for you. A year has a little more than 30 Mio seconds, so your world computer needs 10^209 years for the task, give or take about a factor of 100 maybe. 10^211 years, 10^207 years, what's the difference anyway? :) Our current universe is about 15 billion years old, so if you had 10^197 parallel universes, and you started at the Big Bang, you may be ready with brute force by now.

Imagine that:

100000000000000000000000000000000000000000000000 00 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000 universes!

Yawn

[fruey]

This company is saying their encryption can't reasonably be brute forced with current computing, even if you got pretty much everyone on the internet (more than are currently running SETI) to start brute forcing the keys. It's harder than RSA encryption mathematics theory, on a key which is like 163 bits for the $20,000 prize, and to get a million you'd have to break the scheme for any bit length I imagine, not just the 224 bit key they mention earlier in the article.

So, unless there is a quantum leap (how ironic that quantum computing would indeed be a quantum leap) this is not some kind of Distributed project. RC5 was fairly simple bruteforcing at the end of the day.

The summary of the article is like so dumb I cannot believe it passes muster. And the million bucks are as likely to be awarded as a release of Duke Nukem Forever and Ever Amen. Nothing to see here, move along.

Re:I read this and wonder about UNIX

[oz1cz]

An 8-character password using 92 possible characters leaves 736 possibilities, or just over 9 bits.

No, my friend, it's not 92*8 but 92 to the 8th power (92**8, if you like). Thats 5,132,188,731,375,616 which is a good deal more than 736.

The Fallacy of Cracking Contests

[CognitiveFusion]

I wouldn't waste a CPU cycle on this contest.

Bruce Schneier nailed the truth about cracking contests in a December 1998 article in his crypto-gram newsletter, "The Fallacy of Cracking Contests".

Here is another article he published in November 1999, "Elliptic Curve Public-Key Cryptography".

Interesting reading.