Crack the Code and Win a Million Bucks
JS_RIDDLER noted a Toronto Star article about a sort of contest to crack some encryption and win a million bucks. The article is a bit fluffy, but it gets the point across... we wasted all those RC5 keys ;)
Encryption. What's it all about? Is it good, or is it whack?
... they should have left an option open for people finding holes in the ACTUAL implementation... Now only mathematicians stand a chance - go, go, go, you few good number theorists not employed by the NSA! =-= insert favorite conspiracy theory here =-=
I find that I'm most motivated to do math after screwing. Anyone else experience this phenomenon?
it's really a one time pad. =)
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
The code is 42!
What ever happened to the DMCA? That $1M is going to dissolve rather quickly when said coder realizes he has a lot of legal fees to pay.
No reverse engineering and cracking, kids.
They are using keys that sound big 168 bits, 256 bits, etc. But those aren't really that big, only 21 bytes and 32 bytes respectively. These sentences are longer than those keys.
Then I note that UNIX limits passwords to 8 bytes. A measly 64 bits.
I don't think I can sleep well knowing that all that stands between my data and some hacker is such a small string.
I have been pwned because my
Surely anything can be cracked if enough brute force is chucked at it. Admittedly it might take years but it should break in time, or have I missed something fundamental?
The article says that it's based on a mathematical formula, surely it can be broken
Rus
http://www.cs.uct.ac.za/courses/CS400W/NIS/papers00/mlesaoan/paper.html
'Internet! Is that thing still around?' - Homer Simpson
If it were easy, do you think you'd get 1 million for solving it? RSA gives a few thousand for RSA-1024+ but this is one million! Quite a difference...
Your keys are safe, assuming you don't use the same one as the test does.
The contest website doesn't mention a $1M prize, but from the "details" pdf, it looks like you can earn the $1M prize by solving 19 smaller problems, each with their own bounty. $30k for an "infeasible" problem seems a little low to me... I imagine the mob may pay more ;-)
From the pdf: The 109-bit Level I challenges are feasible using a very large network of computers. The 131-bit Level I challenges are expected to be infeasible against realistic software and hardware attacks, unless of course, a new algorithm for the ECDLP is discovered.
The Level II challenges are infeasible given today's computer technology and knowledge. The elliptic curves for these challenges meet the stringent security requirements imposed by existing and forthcoming ANSI banking standard
Challenge    Field size (bits)   Estimated machine days   Prize (US$)

Elliptic curves over F2^m - Exercises:
ECC2-79      79                  352                      Handbook of Applied Cryptography & Maple V software
ECC2-89      89                  11278                    Handbook of Applied Cryptography & Maple V software
ECC2K-95     97                  8637                     $ 5,000
ECC2-97      97                  180448                   $ 5,000
Level I challenges:
ECC2K-108    109                 1.3 x 10^6               $ 10,000
ECC2-109     109                 2.1 x 10^7               $ 10,000
ECC2K-130    131                 2.7 x 10^9               $ 20,000
ECC2-131     131                 6.6 x 10^10              $ 20,000
Level II challenges:
ECC2-163     163                 6.2 x 10^15              $ 30,000
ECC2K-163    163                 3.2 x 10^14              $ 30,000
ECC2-191     191                 1.0 x 10^20              $ 40,000
ECC2-238     239                 2.1 x 10^27              $ 50,000
ECC2K-238    239                 9.2 x 10^25              $ 50,000
ECC2-353     359                 1.3 x 10^45              $ 100,000
ECC2K-358    359                 2.8 x 10^44              $ 100,000

Elliptic curves over Fp - Exercises:
ECCp-79      79                  146                      Handbook of Applied Cryptography & Maple V software
ECCp-89      89                  4360                     Handbook of Applied Cryptography & Maple V software
ECCp-97      97                  71982                    $ 5,000
Level I challenges:
ECCp-109     109                 9.0 x 10^6               $ 10,000
ECCp-131     131                 2.3 x 10^10              $ 20,000
Level II challenges:
ECCp-163     163                 2.3 x 10^15              $ 30,000
ECCp-191     191                 4.8 x 10^19              $ 40,000
ECCp-239     239                 1.4 x 10^27              $ 50,000
ECCp-359     359                 3.7 x 10^45              $ 100,000
HIV Crosses Species Barrier... into Muppets
...is that it uses much smaller keys with the same level of encryption. This makes it useful for handhelds and phones, and network devices. If you've never heard of this before, chances are you're already using it, too, as this is prevalent already in many of the aforementioned devices.
libertarianswag.com
Anyone with the capability to solve the math required to break the encryption might do a lot better than one million dollars.
If they were malicious, all they'd have to do was wait a year or so until the encryption was incorporated into mission-critical applications and then use their knowledge to gain access to those applications. Something tells me that THAT would be worth a lot more than the cool million they are currently offering.
A million dollars??
Let's get started! Where's that link to Cryptonomicon?
that runs factoring software on a supercomp for a month win?
It's a Canadian company, there is no DMCA in Canada...
From the guru Bruce Schneier, Fallacy of cracking contests
I often hear that elliptic curve cryptography is less trustworthy than traditional number field methods, due to having received less expert scrutiny. Such arguments should be considered with a grain of salt. Just about all commercial public-key cryptography relies on the difficulty of a discrete log problem. This mathematical problem predates modern cryptography.
As discrete log gets easier, longer bit-lengths are required to keep the methods safe. Discrete logs in ordinary number groups, like Zp*, are now much easier to solve than in elliptic curve groups. The discrete log problem for ordinary groups has been getting steadily easier, due to the discovery of, and successive refinements in, the Number Field Sieve (NFS) techniques. In contrast, elliptic curve group discrete log techniques have not seen significant improvement in the past 20 years. This is good news for elliptic methods. This difference accounts for today's reduced key-size requirements for elliptic curves. With today's knowledge, bit-for-bit, elliptic curve groups seem to be a lot safer. However, this is largely a matter of efficiency, and the increased efficiency is partially offset by more complex group arithmetic.
>>esr>>
Agree or disagree, I usually at least understand Slashdot editorial comments. But I don't get "we wasted all those RC5 keys". You mean we cracked them when they could have been used? I hope not. You mean we cracked them without the promise of 1 meelion dollar bills? Ok, greedy, but I'm with you.
Seriously, how do you waste a key?
-madgeorge
If some genius did crack it, then I'd imagine an auction for exclusive license to the crack would be worth a lot more than 1 million dollars.
But how could you guarantee to the winner that they'd be the only one with the solution? (without dying, of course.)
These guys are screwed. I'm going to write a windows worm that causes the infected computer to become a processing node for me and use them to crack this shit lickety-split. Method of getting onto their windows machine? Click here to check it out!!!.
One time pads are uncrackable if employed correctly. But this thing surely should be vulnerable given enough time.
Free as in mason.
Quite an accomplishment, considering the NSA wasn't founded until 1952.
I think the company who came up (or rather markets) ECC [elliptic curve cryptography] should be careful about saying that ECC is more secure than RSA. RSA has stood up to A LOT of cryptanalysis, simply because of its age. ECC might have bad keys or something else we don't know about simply because we have not had time to try all attacks yet. Who knows, tomorrow someone may find a trivial algorithm for taking the discrete logarithm on an EC (rendering ECC useless). Then again, someone may find a way of doing a simple discrete logarithm (rendering RSA useless). Both are highly unlikely, but hey -- stranger things have happened.
Basically, take a company's claim with a grain of salt. Right now I'll keep my data encrypted with something more tested (3DES anyone?).
My other car is first.
the 1 mil is in Canadian dollars.
The problem with ECC is that the "hard problem" on which its security relies is based on some non-trivial mathematics which, until recently, no-one's really been interested in. Contrast this with RSA, which is based on a comparatively easy-to-understand problem (factoring a product of two primes) which has been known about for centuries.
What this means is, it's possible (very unlikely, but possible) that the conjecture that the elliptic curve logarithm problem is very hard to solve might be proved wrong tomorrow. That is much less of a risk with RSA (although see under quantum computing, if you go in for that sort of thing).
Last time I checked, the best "brute force" algorithm to attack ECC was the Pollard rho method. Is that still true?
These sigs are more interesting tha
One million dollars split between 500,000 people is what??? TWO DOLLARS!!! Well, at least we'll be able to pay that annoying paper boy...
and we'd most certainly be happy to consider them for a lifetime position
;-)
What position are the lawyers thinking about after they break the encryption?
This SIG pulled due to lack of funding. (This damn war is costing too much!)
Gross. How many times do you use a pad?
(nor America)
Informative and Insightful posts like this one, that actually add to your knowledge rather than just quoting something that you might agree with are not that common!
Wikileaks, no DNS
Maybe this will be a good test for the new buzzword: grid computing.
This company is saying their encryption can't reasonably be brute forced with current computing, even if you got pretty much everyone on the internet (more than are currently running SETI) to start brute forcing the keys. It's harder than RSA encryption mathematics theory, on a key which is like 163 bits for the $20,000 prize, and to get a million you'd have to break the scheme for any bit length I imagine, not just the 224 bit key they mention earlier in the article.
So, unless there is a quantum leap (how ironic that quantum computing would indeed be a quantum leap) this is not some kind of Distributed project. RC5 was fairly simple bruteforcing at the end of the day.
The summary of the article is like so dumb I cannot believe it passes muster. And the million bucks are as likely to be awarded as a release of Duke Nukem Forever and Ever Amen. Nothing to see here, move along.
It's a trick.
Mathwiz: "Hello? I think I may have cracked your encryption".
NSA: "Great. Just stay where you are and we'll be over with your money in a second".
[40 seconds later]
Police: "Drop your weapon and step outside!"
Mathwiz: "But I'm unarmed!! Dude!"
Police: "I said DROP YOUR WEAPON".
[BLAM!]
Firstly, as mentioned, the DMCA does not apply to Canada.
Secondly, the DMCA does not apply to mechanisms not used to protect copyrighted data.
Thirdly, the DMCA does not apply if you've been invited to try to break an encryption mechanism.
There's a general uneasiness in much of the cryptographic community regarding ECC that comes from the thought that with a new and elegant cryptographic algorithm or methodology there is often a new and elegant attack that renders it worthless in practical applications. As I'm sure you realize (but others may not) the ability of a methodology to withstand conventional attacks is no indicator of long-term viability; algorithms may only be proven unsafe, not safe (except perhaps for one-time pads under certain circumstances).
I happen to hold out hope for this technique, but it takes time in the field for confidence to be built. This contest may help, but by no means is it absolute proof of the security of the technique (although one would be hard pressed to make a million dollars hoarding a working attack on ECC to themselves).
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
You could always give it to charity, it sure seems a little more feasible than looking for spacemen IMHO.
Anyone (outside patent encumbered countries) working on a Free implementation? It should be okay in the EU, for "allowing interoperability with existing products".
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
...to crack it, but as of how long it will take them. Information that is worth a lot today may be worthless tomorrow, and by next week it'll be history. So the question isn't about making a perfect encoding (we already have one, namely 'one time pads'), but finding the best encoding for the application. Also bear in mind the rule of thumb that states that the tougher the code, the more difficult (think CPU cycles and battery drain) it is to encode it in the first place. Of course, just how strong is strong enough will change as the tools for encryption, decryption and codebreaking get stronger.
Remember folks, an encrypted message doesn't have to be unbreakable, it just has to be hard enough to break. One rule of thumb is that it should cost more to break than the one breaking it will earn by doing so.
Besides, one can learn a lot about what's going on even if you can break the code. Where does the signal originate? Where is it heading? Does it occur on a frequent basis? What is the matter of transmitting? The more you learn about the message, the more you learn about the reason it's being sent - even if you don't know what it says. THEN you can often start using social engineering to gain access to the key, or better yet, to the unencrypted message.
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
If any of you is seriously considering going at this, I recommend the well known Applied Cryptography
Slashdot has reviewed this before.
" The internet without goatse is like apple pie without the vanilla ice cream."
HEY TACO, WHY THE BLACKOUT ON THIS STORY?!!!
Talk about being disconnected from the community you "serve", the FCC should pull your license.
I went over to their website and perused around... Seems they did the security to XM Radio (http://www.certicom.com/download/aid-78/success_XMRadio.pdf), which humors me because XM Radio was hacked about 2 months after it went live.. All you need is a part from an old Dish Network receiver and a soldering iron.
The article mentions that Certicom "has spent the better part of 18 years securing more than 130 ECC-related patents around the world." Yes, ECC is computationally cheaper to reach the same security level, but is it worth opening such a hornet's nest?
Currently there is a project underway to crack ECC2-109. This is 'just' a $10.000 project though (half goes to the project leads and half to the two winners). There will be two winners because the trick is to find two related points which mathematicians can use to calculate the answer (Frankly, I don't even understand how exactly, see the forum for details).
Anyway, there are different clients available if you want to participate. I would suggest this client and this GUI. The project is moving to the end fairly rapidly, so you can help make the final push.
The Drowned and the Saved - Primo Levi
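Added example (not part of any comment in this thread, and not Certicom's or the ECC2-109 project's code): the Pollard rho method asked about above, run on a toy curve, showing how a walk that reaches the same point twice (the "two related points") yields the discrete log. The curve, the 10007-element field, and all function names are constructed for illustration; it uses single-walk Floyd cycle-finding, a simpler stand-in for the distributed search a real effort would run. Expected work is about sqrt(pi*n/2) group operations, which is why the table's estimates climb so steeply with field size.

```python
import math
import random

# Constructed toy parameters (assumptions for illustration, not challenge curves).
P_FIELD = 10007   # ~13-bit prime field; the real exercises start at 79 bits
A = 1             # curve: y^2 = x^3 + A*x + b over F_p

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def curve_order(a, b, p):
    """Count points on y^2 = x^3 + ax + b by brute force (tiny p only)."""
    total = 1                                    # point at infinity
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        if rhs == 0:
            total += 1                           # single point with y = 0
        elif pow(rhs, (p - 1) // 2, p) == 1:     # Euler's criterion: rhs is a square
            total += 2                           # two points, +y and -y
    return total

def find_prime_order_curve(a, p):
    """Smallest b giving a non-singular curve whose group order n is prime."""
    for b in range(1, p):
        if (4 * a ** 3 + 27 * b * b) % p == 0:
            continue                             # singular curve, skip
        n = curve_order(a, b, p)
        if is_prime(n):
            return b, n
    raise ValueError("no prime-order curve found")

def find_point(a, b, p):
    """First affine point on the curve, found by exhaustive search."""
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        for y in range(1, p):
            if y * y % p == rhs:
                return (x, y)
    raise ValueError("no affine point found")

def ec_add(P, Q, a, p):
    """Affine point addition; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                              # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, a, p):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R

def pollard_rho(G, Q, n, a, p, rng):
    """Return (k, steps) with k*G == Q, where G has prime order n."""
    def step(state):
        R, u, v = state                          # invariant: R = u*G + v*Q
        bucket = 0 if R is None else R[0] % 3    # pseudo-random 3-way partition
        if bucket == 0:
            return ec_add(R, G, a, p), (u + 1) % n, v
        if bucket == 1:
            return ec_add(R, R, a, p), 2 * u % n, 2 * v % n
        return ec_add(R, Q, a, p), u, (v + 1) % n

    while True:
        u0, v0 = rng.randrange(n), rng.randrange(n)
        start = ec_add(ec_mul(u0, G, a, p), ec_mul(v0, Q, a, p), a, p)
        tortoise = hare = (start, u0, v0)
        steps = 0
        while True:                              # Floyd cycle detection
            tortoise = step(tortoise)
            hare = step(step(hare))
            steps += 1
            if tortoise[0] == hare[0]:
                break
        # Same point, two representations: u1*G + v1*Q = u2*G + v2*Q,
        # so k = (u1 - u2) / (v2 - v1) mod n.
        dv = (hare[2] - tortoise[2]) % n
        if dv == 0:
            continue                             # useless collision: new start
        return (tortoise[1] - hare[1]) * pow(dv, -1, n) % n, steps

def expected_rho_steps(bits):
    """Approximate rho cost sqrt(pi*n/2) for a group of about 2**bits points."""
    return math.sqrt(math.pi * 2 ** bits / 2)

def demo(secret=4242, seed=1):
    b, n = find_prime_order_curve(A, P_FIELD)
    G = find_point(A, b, P_FIELD)
    Q = ec_mul(secret, G, A, P_FIELD)            # the "public key"
    k, steps = pollard_rho(G, Q, n, A, P_FIELD, random.Random(seed))
    return {"b": b, "n": n, "recovered": k, "steps": steps}

if __name__ == "__main__":
    print(demo())
    for bits in (79, 109, 163):
        print(bits, f"{expected_rho_steps(bits):.2e}")
```

Each extra 2 bits of field size doubles the expected work, so going from the 79-bit exercise to the 109-bit Level I challenge multiplies it by 2^15.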
There are exceptions, but they are few and far between. The RSA challenges, both their factoring challenges and their symmetric brute-force challenges, are fair and good contests. These contests are successful not because the prize money is an incentive to factor numbers or build brute-force cracking machines, but because researchers are already interested in factoring and brute-force cracking. The contests simply provide a spotlight for what was already an interesting endeavor.
In this case, finding clever ways to factor ECCs is actually a number-theoretically interesting thing to do.
Oops, I forgot to mention that there is a linux client & GUI available too.
Happy cracking.
The Drowned and the Saved - Primo Levi
... i hope they realise ECC is based upon multiplication instead of exponentiation of large primes (i.e. RSA)... which means generating test keys for breaking ECC is MUCH cheaper than doing it for RSA !!!
Where is the link to the official press release, rules,etc?
I'd rather win a million legally.
I don't think cellmate Bubba would be interested in that particular crack.
Many, if not all, encryption algorithms are based upon the fact that the set of non-deterministic polynomial decision problems is not equivalent to the set of decision problems that are decidable in polynomial time.
If you want to get rich, solve P=NP and then you'll be able to crack every banking account in the world.
Is it in the Cheerios? I like Cheerios
In the grand tradition of "It came over the wire service", Slashdot posts an article about a contest that has been going on since 1997. IIRC, I bookmarked http://www.certicom.com/research/ch2.html last January (I'm not sure because I have changed computers since then). It's been long enough that Certicom has changed their website too.
ECC is interesting, although I am not 100% sure that it is as relatively strong as Certicom claims. Elliptic curves are similar to the discrete log method, which can be shown to be approximately as strong as RSA (factoring). I am not an expert in Elliptic curves, so I can't speak as to whether there are any 'shortcuts' which would reduce the problem to a discrete log one, but if so, then the ECC would be no stronger than RSA. Elliptic curves, by the way, are the same branch of mathematics which brought us the proof of Fermat's last theorem.
As has been pointed out, demonstrably crackable encryption is OK for data with an expiry date. Credit card numbers, for instance, are usually only good for 3 years or so -- you get a new number with the new card.
Still, I worry about any closed-source encryption technology. Imagine somebody coming up to you and saying in a cheesy mexican accent: "Hey, extranjero! You want to send top-secret message? No problemo, Amigo! I know secret code, so secret only me and my brother know it. You give me message, si, you dictate, one words at a time. I write it down in secrets codes and send it to my brothers. He only one in whole wides worlds who understand it. But my brother, he take it to your amigo, si, and he tell the message one word a times. Is very good. Top-secret. Only me and my brothers knows the code."
Je fume. Tu fumes. Nous fûmes!
So get ready to hit the pause button, and have pencil and paper ready.
Now imagine if they put out bounties for distributed projects that found cures for cancer, AIDS, the common cold, Alzheimer's, M.S., and thousands of other diseases. Philanthropy can only take you so far; use the "greedy" free market to drive progress even further!
I wouldn't waste a CPU cycle on this contest.
Bruce Schneier nailed the truth about cracking contests in a December 1998 article in his crypto-gram newsletter, "The Fallacy of Cracking Contests".
Here is another article he published in November 1999, "Elliptic Curve Public-Key Cryptography".
Interesting reading.
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
Sorry for the duplicate links :)
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
We have a better offer: crack the code, and get all your stuff confiscated.
My Palm VII wireless internet PDA that I bought back in 1998 (I think) advertised elliptic curve encryption. It was the first I had ever heard of it, but at the time I didn't know much about encryption at all. The box explained roughly how it worked, which was a nice bonus for a 500 dollar geek toy that outlived its usefulness in just a couple years.
The Palm VII used cell band to communicate with the tower, which makes me think that this type of encryption is probably typical for any type of digital cellular service. This being said it seems rather amazing that NSA would have the means to intercept and decode communications encrypted in this manner as I have heard they do from multiple sources.
Is it realistic to believe that ANYONE (even the NSA) could crack such high level encryption?
Grrrrr... don't bother me, I'm thinking.
...it's just pretty decent explanatory journalism.
People in the tech community tend to forget that mainstream media is intended for a mainstream audience, and not people with deep technical knowledge. I think the article did a good job of putting the issue in context for those readers who might not be familiar with the concepts of encryption and coding.
But is it $1 million Canadian? Then that is only about $500,000 US. Now it's not worth that much effort. Minus taxes, plus you can't take more than $10000 across the border, time to set up a Swiss account.
Quantum computing kills both equally, the same algorithms that get RSA and discrete log can get the elliptic curve discrete log.
Test your net with Netalyzr
Don't you know? He's using the New Economy, Stupid school of venture capital. All you need to do is promise profits of 500,000%, and deliver some kind of promise, and you've got your VC
The previous sig has been removed due to
Mercury Rising
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
wouldn't be interesting a distributed project to find all the primes up to 308 digits? how many prime numbers can there be?
i can't get rid of the feeling that security
... people getting this "service" will
:) but i didn't tell.
isn't quite the saviour everybody is hoping for.
security (will) just give rise to more and
more ARBITRARINESS!
encrypting/securing utter useless chatter/data
is
just get more arrogant. they're dumb in the first
place and actually encouraging their stupidity
is def. going to back-fire. security shouldn't
be a service you can buy but something you
yourself should be aware of ALL THE TIME!
security/encryption is an issue if you're a lazy
corporate that doesn't want to invest but
just use public infrastructure (power-lines
anyone?). just cash in but actually doing
nothing.
security is an issue if you're at war or the world
has gone mad (soon in theaters near you).
anyway i cracked it
methinks getting my theory confirmed (useless
chatter/data) by actually "breaking in" is 1000
times more comforting than cashing in on a
million.
ethics are more important than money. you tend
to live longer!
But I won't take credit. For a measly hundred grand I'll tell how I did it :)
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
It seems that these two acronyms, which are very different in meaning, are likely to show up in the context of computer-related discussions:
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Applied Cryptography doesn't have ECC
You keep right on developing that uncrackable ECC stuff. Heh. Nothing to worry about as long as no one claims the mil, right?
Of course this is all a joke. No-one has cracked anything. Posting this as an Anonymous Coward for obvious reasons. What's that dear? Champagne bath is ready? I'll be right there. Just let me hit 'Submit'...
Sooo what they are saying is generate a i state inside of a strange attractor, emulate the same probability trees, and a little algebra and you can reverse engineer this
Maybe you can get your crazy grandma to figure out this challenge, you know the one that dropped acid and hijacked a schoolbus full of penguins
Firstly, as mentioned, the DMCA does not apply to Canada.
But may apply to Americans taking part in the challenge.
Secondly, the DMCA does not apply to mechanisms not used to protect copyrighted data.
I understood from the article that they are already using this method to encrypt data like faxes, and that anything fixed in a medium automatically gets an implied copyright by the Berne Convention.
Thirdly, the DMCA does not apply if you've been invited to try to break an encryption mechanism.
Did we forget about the SDMI Challenge (April 21st, 2001)? I felt the chill.
Anyway, a failure to meet this challenge only says that you need to spend more than "one meellion dollars" to break the encryption. That doesn't make me feel too secure.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
It was the predecessor of NSA, the pockets of intelligence (TICOM, ASA, AFSA) which were to be transformed into the NSA at a later time.
But very little has actually changed. For instance, in 1945 the U.S. Army intelligence spied on the United Nations conference in San Francisco (the reason why it was held in the USA was to better spy on the other countries). You need not search that far in history (few years) to find out similar things from New York.
better dust off the old Captain Crunch decoder ring...
RSA is free of patents!
I didn't use the preview button, so get over it!!!!
Mike
If you run a brute-force search on it, you'll see that it is really part of a paper I wrote last year.
I demand that they pay for the copyright violation.
If you use another key, you'll see that it also includes SCO's source code.
Irene KHAAAAAAN!
It's shameful how much they brag about their patent portfolio. The RSA and Diffie-Hellman patents presented a very real impediment to the uptake of public key cryptography until very recently, when the patents finally started expiring.
And why don't we have digital cash? Well, social problems primarily, but it doesn't help that David Chaum and Stefan Brands, after developing *phenomenally* cool techniques for preserving privacy in electronic cash, carpeted the whole area with patents.
So, thanks for setting up yet another tollbooth to an empty amusement park, Certicom. You've lowered the bar for all of us.
--Just the place for a snark!
Did we forget about the SDMI Challenge (April 21st, 2001)? I felt the chill.
Sigh. Always with the SDMI.
You'll always get some idiot trying to apply an inappropriate law. They backed down when they realised they didn't have the slightest hope of success.
Redundancy is hard to spot sometimes.
Wikileaks, no DNS
This is comparing an apple and an orange and concluding something about a strawberry.
When it comes to encryption keys, it's not the size, it's how you use it.
IT'S CANADIAN!
That's like, what, US$25?
Go to goodwill and pick up a bunch of monopoly sets for that price and save yourself the trouble!
I am sorry to be against this topic but I do seriously urge any person competent not to participate in such a bullshit test. Asking people to "crack" something while offering cash doesn't mean it's secure (which is what is implied, which is insanely stupid for people that work in security and professionals involved in cryptography). It just proves that no one that cared to break it came over it to break it. Serious cryptographers ask people to present their work in a formalized scientific form. We have a HUGE history of crypto having been broken and like in science, we want people to present their work and show us they did study all previous breakings and that none apply to their work. This is annoying, yes, but it's like that in science. If it's done seriously and how people expect it to be, it will be considered seriously. No cryptographer will ever consider losing time in such a contest unless there is a serious implication for people or the public (like voting machines for example).
We should bash this stupid announcement that implies that "if no one breaks it it means it's secure" because that's an insult to cryptography and those that work hard in shadow to have it work properly.
This is really the kind of stuff that pisses me off :(
That paper looks like it was written by a high-schooler.
Its (your?) presentation of the attacks against ECC and RSA is terrible, especially failing to expose the number field sieve properly. If it is really too complicated, they could at least present the Quadratic Field Sieve, and if they don't want to touch number theory at all, they should at least avoid presenting brute force most thoroughly.
The paper claims that prime-checking algorithms are terribly slow and that probabilistic prime checks are slow and unreliable, which is false (once the probability of accepting a non-prime is less than that of someone guessing your key, it doesn't matter anymore; encryption is thus inherently probabilistic).
It claims that RSA keys are longer and that there are more attacks against them, which is true: they are longer precisely because there are more attacks against them. These should not both be seen as detractors against the algorithm.
It claims that RSA keys are slow to encrypt and decrypt, which is false; they are fast enough not to be noticed on anything but a busy server or a smart card. In fact, one of my classmates just did a project on embedded RSA vs ECC cryptosystems in remote sensors, and found that RSA works faster at equivalent strengths without heavily customized hardware, and ECC is only useful because the transmissions are expensive (ie power-hungry). The comment that exponentiation is expensive because you have to do an enormous number of multiplies, and that optimizations only slightly reduce the load is total BS.
While ECC is probably better than RSA for many purposes, it is not so much better as the paper you cite makes it out to be.
That ring is an access control to Capn Crunch's copyrighted Intellectual Property. You'd better explain how you came by it, DOWN AT TEH STATION. Say goodbye to your family!
With that reward money, I could afford this life-sized chocolate God, filled with an infinite number of smarties.
Of course, a quantum leap is a very small leap.
The reason for the saying is that it is a leap, with no intermediate stage. There is a before, and an after. Compared to say an object going from warm to cold - there's always intermediate stages, no matter how quickly the object is cooled.
That's why quantum computing is a quantum leap - because there's no intermediate stages between that and electronic computing. There's a before, and an after.
Kjella
Live today, because you never know what tomorrow brings
Apparently it is
President Bush to Liberate Alaska
Why the hell do people talk about 1024 *asymmetric* crypto keys as if it was symmetric.
A 1024 bit symmetric key has 2^1024 possibilities. Which is excessive, 128 is common, 256 bit is probably safe for all future.
A 1024 bit asymmetric key depends entirely on the algorithm, but has typically nowhere near 2^1024 possibilities. RSA 5-700 bit challenges have been broken. Based on that, 1024 bit RSA is about as difficult as breaking a 128 bit symmetric key. So a factor of about 8:1.
The ECC algorithm is much tighter, but as far as I know not 1:1. That is, it's stronger than an equivalent length RSA key, but weaker than an equivalent symmetric key.
Kjella
Live today, because you never know what tomorrow brings
I've got more chance of cracking an egg.....I think.
It's quite easy to create a code that no one can crack. I've done it myself, and it was posted here at Slashdot a couple of years ago. No one even came close to solving it. However, although very little math was used, it was practically unusable :-)
Here's a cipher contest for mere mortals. It's been going on since mid-December. The prize is a tin of penguin mints and a boost to your self-respect. And anyone with a decent knowledge of basic cryptography should be able to crack it.
I don't really understand why anyone uses RSA ever. For both signing and encryption there are Rabin variants faster than RSA provably as hard as factoring (and thus definitely at least as secure as RSA if not more so).
And yes, this is a "fair" contest. I'm glad that Slashdoteers have got the message that cracking contests are generally bullshit, but this is one of the exceptions - this prize genuinely fosters research rather than trying to take its place.
Xenu loves you!
American males impotent
http://aftonbladet.se/vss/nyheter/story/0,2789,421503,00.html
They can't handle European females
The American male lobster can't get it on with European female lobsters. Which saves European lobster culture.
Norwegian fishermen have been catching American lobsters in the Oslo fjord, and researchers have warned that the European lobster could be threatened. But now the danger is seen as having passed. The US male is totally impotent.
When the American male spots a European female, things start out well enough - it's when it's time to put money where the mouth is that he chickens out.
The American male suddenly shows a lack of self-confidence. He doesn't seem to understand the female's anatomy.
Those aliens don't come cheap though.
But $1 Million donated to, say, FSF or EFF can go a long way towards helping more than 500,000 people.
Important info:
http://www.lifeaftertheoilcrash.net
http://dieoff.org/synopsis.htm
http://www.peakoil.net
But the more general problem is crackable also. The EFF DES cracker machine from 1998 is probably still gathering dust in John Gilmore's basement. They built it to demonstrate how irresponsibly inadequate the government's crypto export strength rules were. It took about 2-3 days for the average DES crack, and so did the distributed.net Internet cracker effort at the time. The Unix password algorithm cranks a modified DES about 25 times, so it's proportionally slower, and you can't use the same ASICs (that's deliberate), but if you wanted to build cracker hardware with FPGAs it wouldn't be too hard, or ASICs if you really want to target Unix passwords. Moore's law means that if you can talk the same number of people into running your password-cracking screensaver, you can go about 10 times as fast as in 1998, and an ASIC version would probably have a similar speedup.
Remember that there are somewhere around 100,000 - 1 million virus-infected PCs 0wned by spammers out there - if they wanted to run CPU-burners for some reason, they could, and symmetric crypto is a great match for massive parallelism with low communication rates.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
In particular, short keys make it natural to pass around the actual key, instead of some KeyID record like PGP does with RSA keys, which not only reduces the chances of Bad Things happening in your protocols, but also means you're much less dependent on keyservers; you can print the key on your business card, or include it in hex in your email signature line (see James Donald's Crypto Kong program for a nice example.)
The risk with ECC isn't brute force crackers (so the contest is mostly silly.) It's theoretical math breakthroughs - precisely because we haven't had the same depth of math concentration on ECC that we've had on factoring in the last 20 years.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
No, it doesn't make sense, which suggests that the author either doesn't get it at all or else got confused during a cut&paste. (For instance, there's a table on Certicom's site that says the key length difference is 1:6 for 163-bit ECC vs equivalent 1024-bit RSA...)
Anyway, if you need adequately-strong keys, that's typically 224 bits for ECC vs. 2048 bits for RSA, and there are applications where it's easy to fit 224 bits and annoying to use 2048, such as DNS security or smart cards or email signatures. If your threat model is more relaxed, you might get away with 163-bit ECC or 1024-bit RSA, but you've got more risk that somebody's going to do interesting theoretical attacks on ECC and erode a few bits from the strength. For symmetric-key applications, you'd typically use 128-bit strength (or triple-DES at 112 bit strength, either with 2 or 3 keys.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
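The size pairs traded in the comments above (163-bit ECC against 1024-bit RSA, 224 against 2048, with 128-bit symmetric keys as the yardstick) can be approximated from the best known generic attacks. This is an added example, not part of the thread: it assumes the heuristic general number field sieve cost with the o(1) term dropped for RSA and Pollard rho for curves, so its figures are rough and land a few bits above published equivalence tables.

```python
import math

def gnfs_bits(modulus_bits):
    """log2 of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] for an
    RSA modulus of the given size. Assumption: the o(1) term is dropped,
    so this is an order-of-magnitude estimate, not a precise work factor."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    ln_cost = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_cost / math.log(2)

def rho_bits(curve_bits):
    """Pollard rho on a group of order about 2^k takes about 2^(k/2)
    group operations, so a k-bit curve gives roughly k/2 bits."""
    return curve_bits / 2

def compare(pairs):
    """For each (ecc_bits, rsa_bits) pair return
    (ecc_bits, ecc_strength, rsa_bits, rsa_strength), where strength is
    the size of a symmetric key with a comparable brute-force cost."""
    return [
        (ecc, round(rho_bits(ecc), 1), rsa, round(gnfs_bits(rsa), 1))
        for ecc, rsa in pairs
    ]

# Size pairs quoted in the comments above.
THREAD_PAIRS = [(163, 1024), (224, 2048)]

if __name__ == "__main__":
    print("ECC bits  ~strength   RSA bits  ~strength")
    for ecc, ecc_s, rsa, rsa_s in compare(THREAD_PAIRS):
        print(f"{ecc:8d}  {ecc_s:9.1f}   {rsa:8d}  {rsa_s:9.1f}")
```
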
Stupid Yankee....
Yeah, I was getting tired of that paperboy following me down those ski slopes and recreating Hitchcock-esque scenes when I tried to get into my car.
It's the 'Code that can't be cracked'....just like the Titanic, the ship that couldn't sink. Aside from the fact that making statements which you can't entirely back up with scientific proof, saying something is impervious is invoking fate's rights to Murphy's law....
--<Mike>--
I have been wanting someone to try to crack my encryption scheme.
Calling atheism and agnosticism a religion is like calling bald a hair color.
But I believe that a 168 bit key in an elliptic curve cryptosystem is roughly equivalent to a 1000 bit key in something like RSA.
And a 1000 bit prime number is no laughing matter, computationally. I believe there are something like 10^97 1000 bit prime numbers predicted by the prime number theorem. Considering there are something like 2^60 seconds predicted since the big bang, it seems like a pretty safe key length. Assuming, of course, that it is hard to calculate a discrete log over an elliptic curve, which I believe is what the contest is all about.
nothing is impossible