1997-01-08 - Re: The Upcoming DES Challenge

Header Data

From: jim bell <jimbell@pacifier.com>
To: cypherpunks@toad.com
Message Hash: 3b08fa1566c61b1fbf23e20328707daf20b3236669f17da8f927cd1ee2f5d6ea
Message ID: <199701080705.XAA04904@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1997-01-08 07:05:48 UTC
Raw Date: Tue, 7 Jan 1997 23:05:48 -0800 (PST)

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Tue, 7 Jan 1997 23:05:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: The Upcoming DES Challenge
Message-ID: <199701080705.XAA04904@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:49 PM 1/7/97, pgut001@cs.auckland.ac.nz wrote:
>Orbital mind control lasers made mpd@netcom.com (Mike Duvos) write:
> 
>>Peter Trei (trei@process.com) writes:
>>>1. I'm astonished at the low level of reaction RSA's announcement that they 
>>>will be sponsoring a DES Challenge, with a $10,000 cash prize.
>>I'm certainly jumping up and down and cheering.  I said a while back that the 
>>life expectancy of DES would be about two weeks if anyone forked over serious 
>>cash.
> 
>I'm still a bit nervous about what the reaction will be though - won't the 
>US government (and anyone else pushing DES) be able to say "It took 10,000 
>Pentiums several weeks, noone would bother doing that, so it's safe" (with a 
>possible side order of "Safer-SK64 is 256 times as secure, anyone we really 
>like can use that provided they hand over the keys in advance").

This was exactly my concern months ago.  PC's are remarkably _inefficient_ 
systems for attempting to crack codes.  I recall estimating, quite 
approximately, that it might take somewhere about $500,000 of electricity 
cost alone to check all 2**56 possible decrypts, most of which is going to 
power unnecessary components.  (monitors, hard drives, sound cards, modem 
cards, etc, etc, etc.)   By doing the decrypts on PCs (term used 
generically; it applies just as well to Mac's, PowerPC's, DEC Alpha's, etc)  
we make it look like DES is better than it really is.

But I'm under no illusion.  As the saying went, "When the only tool you have 
is a hammer, you treat every problem as if it were a nail.)  People have 
PC's, and will use them.  Let me suggest, however, that somebody familiar 
with the details of DES and FPGA's (or other kinds of high-density 
programmable logic) figure out a ballpark estimate of how much it would cost 
to implement a minimalist DES-cracker in hardware.  Don't do it, just 
estimate it.  Then, when somebody has finally cracked that DES message and 
someone the news media is trying to suggest that this was an expensive 
effort, a more economical figure will be quotable.




Jim Bell
jimbell@pacifier.com





Thread