ECC2-109 Winners Certified
An anonymous reader writes "The ECC2-109 encryption challenge has now been broken and certified! Certicom announced on Tuesday that the winners, a team from Ars Technica and a member of TeamIMO, will both receive $2500 each for the matching distinguished pairs that has solved the elliptical curve encryption scheme."
Nahhhh.
Have you watched any reality TV? It may be reality but its reality for stupid people.
Anything intellectual means immediate ellimination. Dumb as a brick eye-candy stays and rates highly. Hypocrisy, backstabbing, lack of general knowledge and an overinflated ego equate to bonus points.
Pretty + dumb + egotistical + hypocrit + backstabbing = "reality"
These posts express my own personal views, not those of my employer
Now let's run the same test, but instead of attacking the algorithm, let's see how many hours it takes to social engineer the key :)
Is it just me, or is there no real point to these encryption challenges? Brute forcing one particular key doesn't help you attack the encryption algorithim in general, and we can already calculate about how long it will take to crack with current processors. Other than the prize money, there is no reason to participate (except maybe for bragging rights, but finding an algorithmic flaw would get you so much more). Perhaps the prize money and CPU time might be better spent searching for a cure for cancer? I know there's a distributed computing project out there that does just that (no link right now, I'm lazy), and this *is* a case where the computers are just as good at calculating numbers for cracking encryption as calculating numbers for saving lives.
More importantly there are more useful distributed computing projects. Here is a pretty good index. For example there's Folding@Home which furthers our onderstanding of proteins, which are so important in so many life processes and diseases, and fightAIDS@home which has already found a promising new drug. Or how about SETI@home? Trying to crack encryption by brute force seems like such a waste in comparison to these.
Perhaps the encryption contests are so popular just because you can win money. It's like a lottery. Maybe the only thing that could be done would be to have a cash prize for significant findings in other projects, or if who did it can't be defined due to the nature of the algorithm, maybe even just an ordinary lottery?
1) It gives you a real world baseline of what kind of current power it takes to break your keys. You can then make some educated projections about what kind of security these keys will offer in the future. Computing power has and continues to grow at a fairly predictable rate. Thus you can infer how long a specific level of key will take to crack at a given point in the future, assuming no new mathematical or processing systems. Which leads us to
2) It encourages people to try novel types of attacks. Yes, there are those that are just doing a brute attempte and they are there fore reason #1. However there are those that will try to come up with new algorithms, new hardware, or a combination, to defeat your encryption and prove it weak. This is what it's all about. You don't prove encryption strong, you continually prove that it's not weak, lending creedence to the theory that it is strong.