Brute Force

← Back to Stories (view on slashdot.org)

Posted by timothy on Thursday September 8, 2005 @10:00AM from the gruntwork dept.

ijones writes "Brute Force, by Matt Curtin, is about an event that many Slashdotters will remember: the cracking of the Data Encryption Standard. In June of 1997, a 56-bit DES key was discovered, and its encrypted message decoded, by an ad-hoc distributed network of computers, cooperating over the Internet. Four and a half months earlier, RSA had issued a challenge to the cryptography community, offering $10,000 to the first group to crack a 56-bit DES encrypted message. In Brute Force, Matt Curtin offers his first-hand account of the DESCHALL team's winning effort." Read on for the rest of Jones' review. Brute Force: Cracking the Data Encryption Standard author Matt Curtin pages 291 publisher Copernicus Books rating 9 reviewer Isaac Jones ISBN 0387201092 summary Volunteers working collaboratively over the internet manage to crack the Data Encryption Standard.

Although I wasn't involved with the DES cracking challenge, I am friends with the author of this book. I took a Lisp course from Matt at Ohio State University and I'll be forever grateful that Matt introduced me to functional programming with a great deal of humor and enthusiasm. I don't think I've ever seen Matt stay so serious for so long, but his enthusiasm comes through clearly in this book.

Brute Force can be enjoyed by both nerds and non-nerds interested in cryptography or codes. Those who have been a part of this or subsequent DES challenges may be particularly interested in this book. Curtin covers some technical details of DES and the brute force attack that the DESCHALL team used to discover a DES key. He also discusses the political and historical significance of this event. This is a fairly technical book, but it goes out of its way to explain non-obvious technical topics, so one doesn't need a lot of technical background to understand it.

Curtin briefly explains a lot of stuff: the C programming language, firewalls, UDP, one-time pads, protected memory, etc., in order to make this book readable for novices. Although I generally did not need such explanations, I did not find them annoying or distracting, as they were fairly brief. In fact, it's fun to read concise explanations of such topics. Occasionally, Curtin does go into just a little too much detail. The chapter on Architecture gives an explanation of some of the many pieces of software that were involved in this effort. This chapter sometimes gets a bit bogged down with explanations of useful scripts that folks wrote to analyze data or forward packets through firewalls.

Brute Force is a very readable and enjoyable book. It is well organized as a narrative, though it is not chronological; Curtin presents the background and substance to each aspect of the story together, rather than chronologically. This can be slightly confusing sometimes, but I think it improves the over-all flow of the story.

In a way, Curtin gives away the ending to the book at the beginning (and in the title), but this isn't ancient history, and most readers will probably already know that DES was defeated by this effort. He still manages to maintain a good sense of suspense throughout the book. He presents tables and analysis of the effort, along with predictions about completion dates that volunteers had made at the time. Unfortunately, he doesn't tell us whether those tables turned out to be correct. What percentage of the keyspace was searched by Macintoshes? How many different kinds of client machines were there in the end? Did Ohio State University try more keys than Oregon State University? Which one is the real OSU?

One of the main themes running throughout the book was that of community. The DESCHALL project was made up of thousands of volunteers from all over the US. Anyone with some spare CPU cycles could get involved by downloading the client software. This may remind you of other distributed computing projects like SETI@home. The community was further broken down into sub-groups like schools who would compete for bragging rights. The organization of the DESCHALL project was much like an open source project, though the key-cracking tools were not open source. Spreading the Word is a chapter about how people started to hear about DESCHALL and what the earliest adopters were like. Some of the tables in a later chapter list the operating system and hardware that the clients were running, which was a pretty cool snapshot of the Internet from 1997. It included lots of OS/2 clients, labs full of SGI machines, and plenty of computers which were only connected to the Internet via dial-up modems. Special scripts were developed for such machines so they could phone home when they needed a new block of keys.

Though the key cracking clients were not open source, they were free as in beer, at least for Americans. Since such cryptography-related software could not be exported at the time, this was a US-only effort. There was a European team, however, with their own software, called SolNet, and Curtin keeps us updated on their progress. In fact the DESCHALL project had an impact on the political debate of this time with regard to the export and control of cryptographic technologies. Curtin gives us interesting periodic updates on the political debate as the DES cracking story moves forward. Cryptography control was defeated at that time, but the use of cryptography is a right that will need continued protection.

The political story of DESCHALL was one aspect of the historical impact of the project. Another impact was the explosion of volunteer distributed computing networks after the DESCHALL project, with SETI@home being one of the most obvious examples. DESCHALL clearly demonstrated the viability of this kind of computation. Curtin touches briefly on this here and there, but does not go into detail. I would like him to more clearly spell out the trends in Internet distributed computing. I would like to hear that DESCHALL was derived from project A and that it inspired projects B, C, and D. Was it was the original Internet distributed computing network? Was it a fad that has abated in the last few years? Curtin touches on this a bit, but says, "Some other distributed computing projects like DESCHALL were around," (pg 200.) He says which ones, but doesn't make any claims that DESCHALL inspired SETI@home, for instance. Perhaps such things are never quite clear in the free exchange of ideas on the Internet.

The political and community aspects of the story wrap up very nicely. Curtin outlines DESCHALL's impact on driving the AES standard, and its (perhaps much smaller) impact on the debates on key escrow and encryption exports. Brute Force is a very enjoyable read about an important event, and I can happily recommend my friend Matt's book to the Slashdot crowd. My only criticisms can really be summed up by saying, "I want to hear more."

You can purchase Brute Force: Cracking the Data Encryption Standard from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

76 comments

Min score:

Reason:

Sort:

For crying out loud... by luna69 · 2005-09-08 10:01 · Score: 2, Funny

> by an ad-hok distributed network

Come one..."ad-hok?"

--
No gods, no demons, and no masters. Secular Humanism!
1. Re:For crying out loud... by crushinghellhammer · 2005-09-08 10:05 · Score: 3, Funny
  
  Come one?
2. Re:For crying out loud... by Anonymous Coward · 2005-09-08 10:08 · Score: 2, Funny
  
  Come all
3. Re:For crying out loud... by Humorously_Inept · 2005-09-08 10:11 · Score: 0, Troll
  
  Whoosh!
  
  --
  
  ~Someday, I hope to be an aspiring author.
4. Re:For crying out loud... by ijones · 2005-09-08 10:22 · Score: 1
  
  Fortunately, Matt spells better than me ;)
  
  --review author
5. Re:For crying out loud... by Anonymous Coward · 2005-09-08 10:23 · Score: 0
  
  It's "common" around here, ok?
6. Re:For crying out loud... by gardyloo · 2005-09-08 10:30 · Score: 2, Funny
  
  Fortunately, Matt spells better than me ;)
  
  Unfortunately, it's "better than I." ;)
7. Re:For crying out loud... by Dirtside · 2005-09-08 11:20 · Score: 1
  
  Er, I was under the impression that in the sentence "Matt spells better than [I/me]," since "Matt" is the subject and "I/me" is the object, you use the object pronoun, which is "me."
  
  I spell better than Matt. Matt spells better than me.
  
  Both of which are really odd things to say, since my name is also Matt.
  
  --
  "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
8. Re:For crying out loud... by Anonymous Coward · 2005-09-08 11:23 · Score: 0
  
  Sometimes, I find it useful to complete the sentence. In this case:
  
  It would be "Matt spells better than I spell."
  
  Not "Matt spells better than me spell."
9. Re:For crying out loud... by fossa · 2005-09-08 11:29 · Score: 2, Funny
  
  I thought you could continue the sentance like "Matt spells better than I spell.", which clearly only works with "I", but I may be wrong.
  
  That also reminds me of one of my favorite childhood stores "Fortunately Unfortunately" or something like that...
  
  Fortunately, Matt can spell better than me.
  Unfortunately, it's "I".
  Fortunately, few people care.
  Unfortunately, one who does is my boss.
  Fortunately, my boss doesn't read slashdot.
  Unfortunately, his IT spies do.
  Fortunately, they don't know my account name.
  Unfortunately, they can sniff my http connections...
  
  Ok, that's enough.
10. Re:For crying out loud... by vcv · 2005-09-08 11:29 · Score: 1
  
  Actually, "Matt spells better than me" is right. Go ask some english experts.
11. Re:For crying out loud... by Anonymous Coward · 2005-09-08 11:37 · Score: 0
  
  No, it's not. I is correct.
  
  Think about it this way: "Matt spells better than I" is a short way of saying "Matt spells better than I do". You wouldn't say "Matt spells better than me do".
  
  I am right, I had some hardcore English instructors, and they pounded this sort of stuff into our heads until we were curled into balls in the fetal position.
12. Re:For crying out loud... by Anonymous Coward · 2005-09-08 13:49 · Score: 0
  
  Ye faithful
13. Re:For crying out loud... by Anonymous Coward · 2005-09-08 15:04 · Score: 0
  
  No, you're both correct. Neither of you know what you're talking about.
14. Re:For crying out loud... by Knetzar · 2005-09-08 17:28 · Score: 1
  
  Owner: Take this object, but beware it carries a terrible curse!
  Homer: [worried] Ooooh, that's bad.
  Owner: But it comes with a free Frogurt!
  Homer: [relieved] That's good.
  Owner: The Frogurt is also cursed.
  Homer: [worried] That's bad.
  Owner: But you get your choice of topping!
  Homer: [relieved] That's good.
  Owner: The toppings contains Potassium Benzoate.
  Homer: [stares]
  Owner: That's bad.
  
  Copied from snpp.com
15. Re:For crying out loud... by Anonymous Coward · 2005-09-08 17:47 · Score: 0
  
  > I am right, I had some hardcore English instructors, and they pounded this sort of stuff into our heads until we were curled into balls in the fetal position.
  
  That's almost certainly a sure sign you're wrong then.
  Did they also tell you not to split infinitives?
  
  "Hardcore English Instructors" spend too much time obsessing about what's "right" to pay attention to what's being used (and has been used for over a thousand years).
  Today's "Hardcore English Instructors" are the same people that would have been importing Latin words into English wholesale back in Shakespear's time, because Latin was "better".
16. Re:For crying out loud... by vcv · 2005-09-08 21:59 · Score: 1
  
  I never said "I" is wrong, asshat.
17. Re:For crying out loud... by srl100 · 2005-09-08 22:10 · Score: 1
  
  AC> "No, it's not. I is correct." Surely that should be "No, it's not. I am correct." ?
18. Re:For crying out loud... by Anonymous Coward · 2005-09-09 00:18 · Score: 0
  
  Homer: Can I go now?
19. Re:For crying out loud... by gardyloo · 2005-09-09 02:26 · Score: 1
  
  Today's "Hardcore English Instructors" are the same people that would have been importing Latin words into English wholesale back in Shakespear's time, because Latin was "better".
  
  Interesting. And how does one spell "Shakespear" in Latin?
"Come one"? by Anonymous Coward · 2005-09-08 10:04 · Score: 0

For crying out loud indeed.
Distributed.net by Tiberius_Fel · 2005-09-08 10:07 · Score: 3, Informative

For those interested in this sort of thing, http://www.distributed.net/ runs like SETI@Home - lots of small individual clients working together to brute force encryption keys.

--
Join the Empire! http://www.empirereborn.net/
1. Re:Distributed.net by WillAffleckUW · 2005-09-08 10:19 · Score: 3, Interesting
  
  For those interested in this sort of thing, http://www.distributed.net/ runs like SETI@Home - lots of small individual clients working together to brute force encryption keys.
  
  Yeah, but SETI@Home is searching for intelligent life.
  
  Distributed is searching for things that probably never should have been encrypted in the first place.
  
  When I was in the military, about 90 percent of the SECRET level documents should have been declassified to RESTRICTED or CONFIDENTIAL, and as one of the few subject matter experts, I spent a lot of time doing that because noone else could read the things that got overclassified.
  
  I mean, you can encrypt your golf scores. And some people do. Security is usually spent on the wrong areas, and not often enough on the areas that should be protected or encrypted. Just ask New Orleans what they think about mismanagement of resources ...
  
  --
  -- Tigger warning: This post may contain tiggers! --
2. Re:Distributed.net by ChrisGilliard · 2005-09-08 10:19 · Score: 1
  
  This is probably a stupid question, but why would lots of small individual clients want to crack encryption keys? (Other than stealing credit card info, etc?)
  
  --
  No Sigs!
3. Re:Distributed.net by rayde · 2005-09-08 10:45 · Score: 1
  
  it's another contest hosted by RSA... it's like $10k again, nothing major... basically people do it for the stats (it proves your technical manhood by having your name on the top 100 or whatever) I think most people understand that the contest being solved in an inevitability over time, and that their chances of actually winning money are extremely small, but it can be fun to race your friends in stats.
4. Re:Distributed.net by Duncan3 · 2005-09-08 11:09 · Score: 2, Insightful
  
  I think most everyone has moved on now. We did the key cracking, the laws got changed (which was a HUGE gain for the internet), and we won. Woohoo!
  
  Now things like protein folding have much more benefit to the world. Pick your projects carefully.
  
  --
  - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
5. Re:Distributed.net by Duncan3 · 2005-09-08 11:14 · Score: 2, Informative
  
  To get the laws that said you had to use little keys changed.
  
  Back then, we couldn't even use encryption in web browsers. Try banking without that.
  
  --
  - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
6. Re:Distributed.net by Obfuscant · 2005-09-08 13:08 · Score: 2, Insightful
  
  I mean, you can encrypt your golf scores. And some people do. Security is usually spent on the wrong areas, and not often enough on the areas that should be protected or encrypted.
  Encryption is generally best when it is an all-or-nothing operation. If you encrypt JUST the one file with sensitive information, you draw attention to it and make it the obvious target.
  OTH, if every file in your system is encrypted, it is a lot harder to know which files are important to break, and it will take so many more resources to accomplish.
7. Re:Distributed.net by acidblood · 2005-09-08 14:05 · Score: 1
  
  Mr. Beberg,
  
  In the interest of full disclosure, you might have pointed out that you left distributed.net in not so friendly terms with the rest of the team. Don't sweat, so did I (I joined distributed.net as a core coder after you left, so we never met.) But whenever I mention something that might be construed as negative about distributed.net in public, I try to disclaim my potential biases. Hence I'm doing this favor to you and the rest of Slashdot readers.
  
  It wouldn't hurt to mention that distributed.net is no longer about key cracking only -- even if you have a grudge against RC5-72 (I also think it's fairly pointless at this moment in time), OGR is a completely valid project.
  
  --
  Join the NFSNET. Our prime goal is making little numbers out of big ones. http://www.nfsnet.org/
8. Re:Distributed.net by Duncan3 · 2005-09-08 16:42 · Score: 1
  
  *chuckles* anyone who has been around /. long enough to know about distributed.net knows I used to run it.
  
  I have a bias against all non-productive uses of energy actually. RC5 and DES were about the legal battle, RC5-72 is just silly.
  
  --
  - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
9. Re:Distributed.net by Anonymous Coward · 2005-09-09 04:35 · Score: 0
  
  Obfuscant (592200) wrote: "OTH, if every file in your system is encrypted, it is a lot harder to know which files are important to break, and it will take so many more resources to accomplish"
  
  That only is true if you are so paranoid that you use a different key for every file. If you use the same key for all files, chances are that one can recover the key using a known-plaintext attack (example: if 'home.html' is encrypted, one can guess that it starts with "!DOCTYPE HTML PUBLIC")
Servers by SquadBoy · 2005-09-08 10:07 · Score: 2, Interesting

At the ISP I was working for at the time we had this running on all the servers. It was very fun and the best part is that the CEO was in on the whole thing. Hard to find good places with a fun attitude these days. Damn shame.

--

Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
1. Re:Servers by rholliday · 2005-09-08 10:21 · Score: 1
  
  At IBM we're encouraged to run the World Community Grid program, since it's "Powered by IBM."
  
  Some of you might remember it's original incarnation, the United Devices client. UD is still involved, and it's still on the same projects, like the Human Proteome Folding Project.
  
  --
  Xbox reviews.. We think they're funny.
2. Re:Servers by RealityMogul · 2005-09-08 11:29 · Score: 1
  
  Is the ranking still based on how much "Genuine Intel" hardware you have vs. how many calculations your machine performs?
3. Re:Servers by rholliday · 2005-09-08 12:43 · Score: 1
  
  I haven't seen anything mentioning Intel.
  
  --
  Xbox reviews.. We think they're funny.
See DeCSS decrypt! Decrypt, DeCSS, decrypt! by kerohazel · 2005-09-08 10:08 · Score: 1

Maybe the author will follow up with a dozen-page illustrated children's book about how CSS was cracked.

--
Skype is too convoluted... Now I'm reverse-engineering the Kyoto Protocol.
1. Re:See DeCSS decrypt! Decrypt, DeCSS, decrypt! by r2q2 · 2005-09-08 10:11 · Score: 1
  
  Then the author would be in violation of the DMCA. That might be a problem. for the author ;-)
  
  --
  My UID is prime is yours?
2. Re:See DeCSS decrypt! Decrypt, DeCSS, decrypt! by Anonymous Coward · 2005-09-09 01:22 · Score: 0
  
  As far as I understand, CSS wasn't cracked with DeCSS.
  The creator of DeCSS copied a decryption key from another program into the code of DeCSS.
Matt... by LkDotCom · 2005-09-08 10:09 · Score: 3, Informative

Once again serving as the "missing bit in every /. editor" I'm proud to preseng (geeeeee!) something more about Matt.

He is a very weird and amusing fella ;)

--
Grammar Zealots: please spare a non-english writer (lastknight dot com)
1. Re:Matt... by Anonymous Coward · 2005-09-08 16:01 · Score: 0
  
  Matt's also happens to be the second smartest person I've ever met.
Imagine how much faster by dr_labrat · 2005-09-08 10:10 · Score: 1

it would have been if thay had used an ad-hoc network....

It would have saved 1/6 of the keyspace.

--
The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
T-shirts by Leebert · 2005-09-08 10:11 · Score: 4, Interesting

I still have my DESCHALL t-shirt. As I recall, we spent more time arguing about what the t-shirt should look like AFTER the key was recovered than we spent recovering the key. :) Here were my thoughts on the subject back then.
1. Re:T-shirts by jachim69 · 2005-09-08 11:07 · Score: 1
  
  I don't have my shirt anymore, but I do remember it well!
2. Re:T-shirts by Icepick_ · 2005-09-08 11:49 · Score: 1
  
  Wow, talk about a blast from the past.
  
  Yeah, I've got my shirt still. We really did argue about the design alot, that's for sure.
3. Re:T-shirts by crgrace · 2005-09-09 05:49 · Score: 1
  
  Can you point us to a picture of this famous t-shirt? I'm curious.
I for one welcome our new Laten Overlordz by WillAffleckUW · 2005-09-08 10:14 · Score: 2, Funny

a 56-bit DES key was discovered, and its encrypted message decoded, by an ad-hok distributed network of computers, cooperating over the Internet

At least it wasn't an ad-hocked or ad-wocked network, that might have taken longer.

Cogito ergo Zorro. Sprechen sie das Donuts? Je parle Franglish. Que pasa, dude?

--
-- Tigger warning: This post may contain tiggers! --
Brute Force?? Deep thought's... by Titus+B.+Otch · 2005-09-08 10:15 · Score: 0

succesor?
Cracking DES by btempleton · 2005-09-08 10:20 · Score: 4, Interesting

You will also want to check out Cracking DES the story of our building the real DES cracker, the machine on its own that was able to crack DES in just a couple of days, demonstrating finally that DES was not secure.

We also have a page about Cracking DES

--
Has it been over a year since you last donated to the Electronic Frontier Foundation
the real osu by Anonymous Coward · 2005-09-08 10:30 · Score: 0

is oklahoma state university, you barbaraous heathens
1. Re:the real osu by erice · 2005-09-08 11:11 · Score: 2, Funny
  
  Anonymous Coward said:
  (the real osu) is oklahoma state university, you barbaraous heathens
  
  Yeah, if I were to trumpet Oklahoma State, I would post anonymously, too.
I remember that... by M-G · 2005-09-08 10:36 · Score: 1

It was the first distributed computing project I ever took part in, and as I was just setting up a lab full of then-screaming-fast P166 boxes, it seemed like a good way to test them out...
6969 bytes in body by pc486 · 2005-09-08 10:36 · Score: 1

If everyone got their minds out of the gutter and started choosing decent key numbers I'm sure DES wouldn't be broken so quickly. ;-)
1. Re:6969 bytes in body by Anonymous Coward · 2005-09-09 05:02 · Score: 0
  
  You think? DES has a key length of 56 bits. No more, no less. That's how the algorithm works. There's tripple DES (3DES), which applies DES 3 times:
  
  c = E(D(E(p))),
  
  with: E = encryption function, D = decryption function, p = plaintext, c = ciphertext
  
  This has an equivalent key-space of 128 bits (56*3 = 168, but some of those are "redundant")
  
  However, it's 3 times slower than DES. So you get about twice the key size, at 1/3 the speed. It gets worse if you go on.
Nerds and... by MP3Chuck · 2005-09-08 10:43 · Score: 5, Funny

"Brute Force can be enjoyed by both nerds and non-nerds interested in cryptography or codes." So ... nerds. ;)

--
Who doesn't like free music?
Completely Backwards by zealot · 2005-09-08 10:55 · Score: 2, Informative

Actually, SETI@Home runs like http://www.distributed.net./

--
He said, "You'll be able to tell your grandchildren that you helped assemble the first NT supercomputer," and I cringed.
Hah! by unsigned+integer · 2005-09-08 10:59 · Score: 2, Funny

I remember this. My local ACM and I did 'bad things' during the Thanksgiving weekend when everyone left. We organized our groups, and went computer to computer launching client after client in almost every computer lab on campus.
We got quite a yelling at a while later, but we spiked our ranking up quite a bit that weekend, which was all that mattered. ;-)
Interesting... by Duncan3 · 2005-09-08 11:01 · Score: 1

How did you manage to get though that whole review without mentioning the distributed.net or the EFF, who also cracked DES. Yet you metion SETI@home many times which was started years after DESCHALL, EFF, and distributed.net, but has little resemblance to any of them.

Amusing, now go install Folding@home :)

--
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Lisp by Anonymous Coward · 2005-09-08 11:25 · Score: 0

That guy was my Lisp instructor at OSU (Ohio). Nice guy, knows his Lisp. I just thought I would throw that out there, moving on.
Functional programming by strcmp · 2005-09-08 11:30 · Score: 1

Why is the text "functional programming" linked to the Slashdot front page in the review?

--
"Yields falsehood when preceded by its own quotation" yields falsehood when preceded by its own quotation.
1. Re:Functional programming by idonthack · 2005-09-08 11:42 · Score: 1
  
  They were looking for an antonym, and I guess they figured Slashcode could do a demonstration.
  ---
  If nobody notices, it's not illegal.
  Generated by SlashdotRndSig via GreaseMonkey
  
  --
  Why is it that when you believe something it's an opinion, but when I believe something it's a manifesto?
Botnets. by kiddailey · 2005-09-08 11:54 · Score: 2, Insightful

Every time someone mentions brute-force attacks against encrypted data, all I can think of is the growing number of computers that part of remote controlled botnets.

I imagine that brute-force encryption attacks by anyone with a direct or indirect connection to a 20,000+ node net are alarmingly easy.
1. Re:Botnets. by Bender0x7D1 · 2005-09-09 04:05 · Score: 3, Informative
  
  You can relax. There isn't a serious danger.
  
  Current standards such as 3-DES (triple-DES) and AES require a LOT more comuputing power than that to brute force.
  
  I've taken the Cryptography course from Iowa State University so I have a bit of information on hand from my class notes...
  
  The best known attack against 3-DES has a complexity of 2^113. Having 20,000 nodes is about 2^14 nodes. Heck, we'll assume 32,000 nodes. so 2^15. This still has a complexity of 2^98 for each machine to handle, or 2^42 more than DES. (2^43 if you consider the complementation property of DES which reduces the complexity of DES to 2^55.)
  
  This means it woudl still be trillions of times longer than than it took to break DES, even if every machine could have performance equal to the custom DES cracker built. I don't know about you, but I don't have trillions of days to consider the problem.
  
  AES is even tougher to crack than 3-DES, I'm not sure if there are any new attacks, but the key-space is 128, 196 or 256 bits. Even with the smallest key, 128 bits, this is thousands of times stronger than 3-DES. (2^128 vs. 2^113)
  
  So relax, use the latest standards to encrypt your information, and for the love of the Flying Spaghetti Monster, don't use a key that is a regular word! The way ciphers are broken today is by trying a variety of dictionary words or sentences as the key. Just like a password, make your keys random, or random in appearance.
  
  --
  Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
the message? by theraccoon · 2005-09-08 12:20 · Score: 1

So what was the message that was decoded?
1. Re:the message? by Anonymous Coward · 2005-09-08 13:47 · Score: 1, Funny
  
  "Drink more Ovaltine!"
2. Re:the message? by Anonymous Coward · 2005-09-08 18:03 · Score: 0
  
  'The unknown message is: It's time to move to a longer key length'
A predecessor of DESCHALL by flug · 2005-09-08 12:29 · Score: 5, Informative
I would like him to more clearly spell out the trends in Internet distributed computing. I would like to hear that DESCHALL was derived from project A and that it inspired projects B, C, and D. Was it was the original Internet distributed computing network?
I was involved (VERY slightly) in an effort called the "Distributed Internet Crack" to brute-force the keyspace of 48-bit RC5 in February 1997.
The project was the brainchild of Germano Caronni, a member of the Swiss Federal Institute of Technology in Zuerich.
The Distributed Internet Crack would be an immediate predecessor to DESCHALL, which started only 8 days after DIC successfully cracked 48-bit RC5.
The possibility of cracking DES is mentioned in the Distributed Internet Crack FAQ: "Paul Foley estimates that DES would be approximately 70 times more difficult to solve than 48-bit RC5". DIC solved 48-bit RC5 in about 13.5 days whereas DESCHALL took about 120 days (obviously with many more computers involved).
My impression at the time is that DIC and it's immediate predecessor, which involved much the same team and cracked 40-bit RC5 in 3.5 days, were among the first to use this sort of distributed computing (involving volunteered computer time, coordinated via the internet) on such a large scale. I'd be very interested in learning about any predecessors of these projects.
Reading over the FAQ for the Distributed Internet Crack is actually quite interesting after all these years. You can still see it here:
Distributed Internet Crack FAQ

Also a press release on the project's successful conclusion:
Press Release

Some quotes from the FAQ:
Solution: 74 a3 53 cc 0b 19
Time: from start of contest until Mon Feb 10 18:52:23 1997 (a little over 13 days)
Method: again, massive distributed coordinated keysearch
The Distributed Internet Crack is harnessing the power of thousands of computers over the internet to crack an encryption challenge offered by RSA Laboratories. The group first attacked the 40-bit RC5 Challenge, cracking it in about 3.5 hours
The Distributed Internet Crack broke new ground in several areas:
- The most machines ever working together on a single, public, project: over 5000 at once, at probably over 10,000 altogether (machines often drop in and out over the course of the crack).
- The most keys per second ever solved in a public project: 440 million keys per second at peak, 140 million keys per second over the course of the project.
1. Re:A predecessor of DESCHALL by Anonymous Coward · 2005-09-08 14:07 · Score: 0
  
  Thanks for the info. That's very interesting.
  
  peace,
  
  isaac
2. Re:A predecessor of DESCHALL by burris · 2005-09-08 22:28 · Score: 2, Informative
  
  My impression at the time is that DIC and it's immediate predecessor, which involved much the same team and cracked 40-bit RC5 in 3.5 days, were among the first to use this sort of distributed computing (involving volunteered computer time, coordinated via the internet) on such a large scale. I'd be very interested in learning about any predecessors of these projects.
  
  Sorry, the first major distributed computing project on the 'Net was the factoring of RSA-129 in 1993. Credit goes to Arjen Lenstra, Paul Leyland, and Derek Atkins. I fondly remember using Zilla to setup a cluster of NeXT slabs for the project.
  
  The magic words are SQEAMISH OSSIFRAGE!!
3. Re:A predecessor of DESCHALL by cmcurtin · 2005-09-09 01:38 · Score: 1
  
  Brute Force does mention the context of the DESCHALL project. Predecessors are mentioned, as are some of the spinoffs and projects that followed. Page 42 mentions not only the 1993 factoring of RSA-129 but also its predecessor, the 1988 effort coordinated by Lenstra and Manasse. distributed.net actually started while DESCHALL was underway and it is mentioned at the appropriate point in the narrative, as well as the others like SETI@Home.
  
  Many of the participants in the project who posted to the mailing list and talked about their experiences in running the clients will find themselves mentioned in the text.
  
  I hope that this is the kind of book that we can use to show our friends and family who aren't so technically inclined what we do and why it matters.
Surprised by Anonymous Coward · 2005-09-08 13:37 · Score: 0

I thought it was an ok game, but I never thought they'd bother making it into a book!
de-CSS by rathehun · 2005-09-08 21:53 · Score: 1

CSS was cracked by that group called Microsoft, specifically, their Internet Explorer browser.

:p

R.
does it still support biological weapon research by RMH101 · 2005-09-09 01:13 · Score: 1

...like the UD one did?
Re:Matt... [sig] by mike2R · 2005-09-09 01:39 · Score: 1

Grammar Zealotes: please spare a non-english writer

I probably shouldn't say this, but it's spelt Zealots... /runs

--
This sig all sigs devours
Re:does it still support biological weapon researc by rholliday · 2005-09-09 07:43 · Score: 1

The only project they list is the Human Proteome Folding Project.

I know the UD client had some issues, which is why they dropped off of the face of the earth for awhile. I personally stopped using it because every time I installed it I ended up with an infected file on my hard drive. I never heard back from their support, so I don't know if it was a false positive, a corrupted mirror, or what. I just went back to SETI. So far this one has been okay. I mainly run it because, as I mentioned, it's kosher on my work desktop.

--
Xbox reviews.. We think they're funny.