Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crack the Code and Win a Million Bucks

Posted by CmdrTaco on from the mod-everything-by-2 dept.

JS_RIDDLER noted a Toronto Star article about a sort of contest to crack some encryption and win a million bucks. The article is a bit fluffy, but it getst the point across... we wasted all those RC5 keys ;)

14 of 276 comments (clear)

  1. 2 bad... by internet-redstar · · Score: 5, Interesting

    ... they should have left an option open for people finding holes in the ACTUAL implementation... Now only mathematicians stand a chance - go, go, go, you few good number theoretisists not employed by the NSA! =-= insert favorite conspiricy theory here =-=

    1. Re:2 bad... by TedCheshireAcad · · Score: 5, Interesting

      Modern cryptographic algorithms are good enough - it's the protocols that need work. Security problems happen in the implementation, most of the time the algorithms are rock-solid. DES, being as old as it is, is still a pretty prominent work horse (at least in the form of 3DES). Phasing it out with Rijndael (AES) just takes alot of time and money.

      As for Elliptic Curve Cryptography as mentioned in this article - it's still in its infancy - at least compared to other ciphers. This is just a stupid publicity show. But I bet I can win that $1M with an investment of under $20.

      There is an old KGB proverb: "It is easier to break fingers than it is to break codes." So, using my $20 budget on a pipe cutter, fifty feet of rope, and an ice pick, I believe I can recover the key. ;)

    2. Re:2 bad... by CGP314 · · Score: 5, Funny

      As for Elliptic Curve Cryptography as mentioned in this article - it's still in its infancy - at least compared to other ciphers. This is just a stupid publicity show. But I bet I can win that $1M with an investment of under $20.

      How about I provide the financial backing for your plan and we split the profit.


      --
      In London? Need a Physics Tutor?

      American Weblog in London

  2. I read this and wonder about UNIX by ObviousGuy · · Score: 5, Interesting

    They are using keys that sound big 168 bits, 256 bits, etc. But those aren't really that big, only 21 bytes and 32 bytes respectively. These sentences are longer than those keys.

    Then I note that UNIX limits passwords to 8 bytes. A measly 64 bits.

    I don't think I can sleep well knowing that all that stands between my data and some hacker is such a small string.

    --
    I have been pwned because my /. password was too easy to guess.
    1. Re:I read this and wonder about UNIX by mbyte · · Score: 5, Insightful

      Most modern unix system can use 128bit MD5 or 160bit SHA1 hash algorithms (instead of the standard 56 bit unix-crypt) .. get a better unix and sleep well again :)

  3. RSA vs ECC by noelp · · Score: 5, Informative
    For those of you who are suprised at the number of bits needed to secure data using ECC compared to RSA, a good discussion can be found here

    http://www.cs.uct.ac.za/courses/CS400W/NIS/papers0 0/mlesaoan/paper.html

    --
    'Internet! Is that thing still around?' - Homer Simpson
  4. Fallacy by savagedome · · Score: 5, Informative

    From the guru Bruce Schneier, Fallacy of cracking contests

    --


    Free XBox, PS2
  5. Quick,someone start a distributed computer effort! by drfishy · · Score: 5, Funny

    One million dollars split between 500,000 people is what??? TWO DOLLARS!!! Well, at least we'll be able to pay that annoying paper boy...

  6. Re:Brute force by Entrope · · Score: 5, Informative

    I was slightly worried that this would be what Bruce Schneier calls "doghouse crypto" -- if you use it, you belong in the doghouse. The kind of companies that sell doghouse crypto usually don't say what algorithm they use, they usually use a "proprietary" (non-critically-reviewed) algorithm, and they usually don't have nearly enough knowledge to do a good review themselves. Fortunately, it's ECC, which is well known and well reviewed.

    Elliptic Curve Cryptography is, like RSA and Unix crypt, believed to be hard because it looks like a one-way door: It is easy to go in one direction, but unless you have exactly the right data (or an obscene amount of time), impossible to go in the other direction.

    Classic Unix crypt is limited by its key size to 56 bits, which makes it practical for a dedicated attack to break. RSA is limited by its structure to use keys that are related to large prime numbers; prime numbers are relatively rare. ECC shares neither of those limitations, so you get a lot more bang from your bits.

  7. Re:Brute force by Sique · · Score: 5, Insightful

    In theory and given enough time, yes.

    But if you can chuck all electrons of the world on it (about 10^91) and every electron is swinging with 10^15Hz, and every swing allows you to do a Yes-No-decision, you have a number cruncher that can check about 10^106 bits a second. If your key is 1024 bits long, you can check about 10^103 keys every second. There are 2^1024 different 1024 bit keys out there (about 10^320), so you need about 10^217 seconds to exhaust the key space with brute force, if you have the whole universe working as a big computer for you. A year has a little more than 30 Mio seconds, so your world computer needs 10^209 years for the task, give or take about a factor of 100 maybe. 10^211 years, 10^207 years, what's the difference anyway? :) Our current universe is about 15 billion years old, so if you had 10^197 parallel universes, and you started at the Big Bang, you may be ready with brute force by now.

    Imagine that:

    100000000000000000000000000000000000000000000000 00 00000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000 universes!

    --
    .sig: Sique *sigh*
  8. Yawn by fruey · · Score: 5, Insightful

    This company is saying their encryption can't reasonably be brute forced with current computing, even if you got pretty much everyone on the internet (more than are currently running SETI) to start brute forcing the keys. It's harder than RSA encryption mathematics theory, on a key which is like 163 bits for the $20,000 prize, and to get a million you'd have to break the scheme for any bit length I imagine, not just the 224 bit key they mention earlier in the article.

    So, unless there is a quantum leap (how ironic that quantum computing would indeed be a quantum leap) this is not some kind of Distributed project. RC5 was fairly simple bruteforcing at the end of the day.

    The summary of the article is like so dumb I cannot believe it passes muster. And the million bucks are as likely to be awarded as a release of Duke Nukem Forever and Ever Amen. Nothing to see here, move along.

    --
    Conversion Rate Optimisation French / English consultant
  9. Don't do it! by Anonymous Coward · · Score: 5, Funny

    It's a trick.

    Mathwiz: "Hello? I think I may have cracked your encryption".
    NSA: "Great. Just stay where you are and we'll over with you money in a second".

    [40 seconds later]

    Police: "Drop your weapon and step out side!"
    Mathwiz: "But I'm unarmed!! Dude!"
    Police: "I said DROP YOUR WEAPON".
    [BLAM!]

  10. XM Radio by Silicon+Mike · · Score: 5, Interesting

    I went over to their website and parused around... Seems they did the security to XM Radio, http://www.certicom.com/download/aid-78/success_XM Radio.pdf) which humors me because XM Radio was hacked about 2 months after it went live.. All you need is a part from an old Dish Network reciever and a soldier iron.

  11. The Fallacy of Cracking Contests by CognitiveFusion · · Score: 5, Insightful

    I wouldn't waste a CPU cycle on this contest.

    Bruce Schneier nailed the truth about cracking contests in a December 1998 article in his crypto-gram newsletter, "The Fallacy of Cracking Contests".

    Here is another article he published in November 1999, "Elliptic Curve Public-Key Cryptography".

    Interesting reading.

    --
    Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis