From: Tim Philp <bplib@wat.hookup.net>
To: List <cypherpunks@toad.com>
Message Hash: af9ad863042524fe613c4fb24efeaa69cad17daa1cb353d50c81993747fc9b59
Message ID: <Pine.OSF.3.91.951004000011.13722F-100000@nic.wat.hookup.net>
Reply To: N/A
UTC Datetime: 1995-10-04 03:59:34 UTC
Raw Date: Tue, 3 Oct 95 20:59:34 PDT
From: Tim Philp <bplib@wat.hookup.net>
Date: Tue, 3 Oct 95 20:59:34 PDT
To: List <cypherpunks@toad.com>
Subject: ARTICLES
Message-ID: <Pine.OSF.3.91.951004000011.13722F-100000@nic.wat.hookup.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Copyright (C) 1995
Tim Philp
Brantford, Ontario
Canada
Article appeared in The Expositor, Brantford, Ont., Canada
Sept 9th, 1995
- THE CODEBREAKERS -
by
Tim Philp
A couple of weeks ago an extraordinary event took
place that has implications for all users of the Internet. A
group on the Internet, who call themselves CYPHERpunks,
ran a test of a code system that was considered uncrackable in
any reasonable amount of time. This in itself was not the
extraordinary event. This code was broken by the cypherpunks
in only 31.5 HOURS! That's right, hours. This code, called
SSL used a 40 bit encypherment key with 1,099,511,627,776
possible combinations.
To give you an example of just how incredible this
feat was, let's examine the security of this code. If you were to
try 1 key per second it would take you just over 34,841 years to
try them all. That is almost five times longer than all of
recorded history.
How was this done and what does this mean to users
of the Internet? The how part is simple to explain, the meaning
will be more difficult to divine.
The security of a code must rely only upon the key
used to encipher the plaintext. It is assumed that the method of
encryption is well known, as indeed it would be if it were used
in a commercial product. Someone would disassemble the code
and figure out the method. It is for this reason that security
cannot reside in a secret means of encypherment. SSL is one
such code.
This group, the Cypherpunks, wrote a program that
would try keys in sequence and then they distributed it to the
Internet community. They then set up a central computer that
people all over the world could call into and get assigned a
group of keys to try. These people would then feed these keys
into the code cracking program and report the results to the
central computer.
With hundreds of users taking part, using computers
that were sitting idle at nights running screen savers, they
cracked the code in 31.5 hours.
One of the greatest arguments against people trying
this kind of brute force attack on codes, is that the computer
time and power required would cost the earth. In actual fact,
this successful attack cost nothing at all as the computers used
were sitting idle.
Everything from little 286 PCs to mini-computer
workstations were pressed into service labouring long over the
weekend tirelessly trying one possible key after another until
they cracked the code.
Because this was an academic excersise, there was no
harm done. The purpose was to prove how quickly a 40 bit
code could be cracked. I confess to be astounded at just how
fast this was accomplished.
This points out two remarkable possibilities for the
new communications technology that we are only now
beginning to use. If that code were protecting sensitive
information, such as a bank funds transfer, this group could be
very rich.
It does also point out a new way of using the Internet
to solve problems that have long eluded solution because of the
shear computational size of the problem.
If the problem were to be divided up into small
chunks and given to hundreds of computers worldwide,
solution may become possible. We are just beginning to
understand the possibilities.
This file may not be reproduced by any means without the
permission of the author
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAwUBMHM8znseeMISF+fVAQEGzgP+L+JQfTSZ1un83/oh2g/5Nthw3tiHVtb9
eDiOtuzvuQiLxMO/SUPnjM5cXlSYhTNCN8wF49IXEO5Istg58oIA8wf4MPr8aDML
dsK8h34rBQqVXjaxC9staKtKnTGLfZFLmKGwRShLJECgs6Bzqu25TptSYIa8RRGk
ncYhNj6Lalc=
=RE7O
-----END PGP SIGNATURE-----
===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================
Return to October 1995
Return to “Tim Philp <bplib@wat.hookup.net>”
1995-10-04 (Tue, 3 Oct 95 20:59:34 PDT) - ARTICLES - Tim Philp <bplib@wat.hookup.net>