From: jim bell <jimbell@pacifier.com>
Date: Sun, 23 Jun 1996 06:14:21 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Federal Key Registration Agency
Message-ID: <199606221648.JAA25376@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:09 AM 6/22/96 -0700, Bill Stewart wrote:

>Actually, it may even be low - Cray-type supercomputers aren't particularly
>designed for the bit-twiddling you need to do DES well.  An application-
>specific cracking machine can do it several orders of magnitude faster
>for a smaller amount of money.  Wiener's design was two orders of magnitude
>more cost-effective than the two previous designs (Peter Wayner's content-
>addressible-memory design and somebody-from-DEC's GaAs chip design were
>both about $50M for a 1-day crack), and those were substantial breakthroughs
>when they came out.  

It would be foolish to use GaAs to build a DES-cracker.  If there's one 
thing we've learned from the fact that microcomputers have "won" against 
mainframes, and massively-parallel computers have "won" against super-speed 
scalars, it is that it is much, much cheaper to build 10 transistors of 
speed "1", than 1 transistor at speed "10."  Presumably, they can get the 
same amount of work done.

The main thing that kept vector (parallel) machines back in the 70's and 
80's was the problem of subdividing programming tasks into hundreds or 
thousands of such tasks, suitable for such a machine.  That "problem" is no 
problem at all for DES cracking, since trying large numbers of codes is 
inherently a decomposable problem.

It seems likely that the most economical solution would be to build the 
cracker on a not-quite state-of-the-art fab, say a 0.5 micron facility, 
purchased from some semiconductor company who has one too many old fabs.  
The costs of the hardware would be amortized already, and the product would 
be sufficiently fast to help minimize the parallelism required.

Jim Bell
jimbell@pacifier.com