From: Bob Baldwin <baldwin@RSA.COM>
Date: Fri, 3 Jan 1997 10:09:11 -0800 (PST)
To: "'cypherpunks@toad.com>
Subject: RSA Announces New "DES Challenge"
Message-ID: <c=US%a=_%p=RSA_Data_Securit%l=LOBESTER-970103181029Z-8285@LOBESTER.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain



RSA Announces New "DES Challenge"

Tens of thousands of dollars in cash prizes offered; contest should 
improve overall Internet security by illustrating relative strength 
of different crypto algorithms and keysizes.

Business Editors and Computer Writers


REDWOOD CITY, Calif.-Jan 2, 1997--RSA Data Security, Inc., a wholly 
owned subsidiary of Security Dynamics Technology, Inc. (NASDAQ: 
SDTI), today announced an Internet-based contest with cash prizes.   
The contest, known as the "RSA DES Challenge", challenges 
mathematicians, hackers and computer experts around the world to 
decipher encrypted messages.  The goal of the contest is to quantify 
the security offered by the government endorsed DES encryption 
standard and other secret-key ciphers at various key sizes.

The challenge proper will be launched during the RSA Data Security 
Conference to be held in San Francisco, January 28-31, with the 
target ciphertexts for the different contests being simultaneously 
posted on the company web-site, at http://www.rsa.com/

RSA Data Security pioneered the Internet-based "cracking" contest, 
when it launched the original "RSA Factoring Challenge" back in 1991.  
Since then, the company has paid out over $100,000 in prize money to 
mathematicians and hackers around the world, and the data gained from 
that Challenge (which is ongoing) has greatly increased 
mathematicians' understanding of the strength of encryption 
techniques based on the "factoring problem", such as the RSA Public 
Key Cryptosystem T.


Background

It's widely agreed that 56-bit keys, such as those offered by the 
government's DES standard, offer marginal protection against the 
committed adversary. By inertia as much as anything else, DES is 
still used for many applications, and the 20-year-old algorithm is 
proposed to be exportable under the latest incarnation of Clipper. It 
is the perfect time to demonstrate to the world that better systems 
are both required - and available - thus improving the world's 
security.

There have been theoretical studies done showing that a specialized 
computer "DES cracker" could be built for a modest sum, which could 
crack keys in mere hours by exhaustive search. However, no one is 
known to have built such a machine in the private sector - and nobody 
knows if one has been built in any government, either.

The successes of the RSA Factoring Challenge show that for some types 
of problems, it's possible to recruit spare "cycles" on a large 
number of machines distributed around the Internet. Therefore, by 
offering a suitable incentive, it should be possible to recruit 
sufficient CPU power across the Internet to exhaustively search the 
DES keyspace in a matter of weeks.

Computer scientists have already developed software that will allow 
even the novice computer user to participate in the cracking effort.  
By incorporating the key search software in a "screen saver", a 
simple PC anywhere on the Internet can devote its spare time to 
working on the problem - remotely and completely unattended.  Even 
people with limited computer skills will be able to participate.  In 
the RSA DES Challenge, the motto will definitely be "The More, The 
Merrier".


The Contest

Full details of the RSA DES Challenge will be posted on the RSA home 
page (http://www.rsa.com/) during the first weeks of January. 
Complete rules for the competition will be provided as well as 
example challenges and solutions against which computer scientists 
and hackers can test their software. 

In conjunction with the RSA DES Challenge, RSA will simultaneously 
launch a series of other contests based around the RC5 Symmetric 
Block Cipher (another encryption algorithm).  Since RC5 is a variable 
key length block cipher, targets that offer increasing resistance 
against so-called "exhaustive search attacks" will be posted in the 
hope of assessing the full impact of a widely-distributed exhaustive 
search. There will be 12 challenges based on the use of RC5. Prizes 
will be awarded for the recovery of each of 12 keys which are chosen 
to be of lengths varying from 40 bits all the way up to 128 bits, 
with the length increasing in steps of eight bits.

The email sender of the first correctly formatted submissions to each 
contest will receive a cash prize. For the RSA DES Challenge the 
first sender of the secret DES key will receive $10,000. For the 
other contests the prize money awarded will vary with the difficulty 
of the RC5 key attacked.

For more information about the ongoing RSA Factoring Challenge send 
email to challenge-administrator@rsa.com and for the latest news and 
developments send email to challenge-news@rsa.com. 


About RSA Data Security, Inc.

RSA Data Security, Inc., a wholly owned subsidiary of Security 
Dynamics Technologies, Inc., is the world's brand name for 
cryptography, with more than 75 million copies of RSA encryption and 
authentication technologies installed and in use worldwide. RSA 
technologies are part of existing and proposed standards for the 
Internet and World Wide Web, IT4, ISO, ANSI, IEEE, and business, 
financial and electronic commerce networks around the globe. The 
company develops and markets platform-independent developer's kits 
and end-user products, and provides comprehensive cryptographic 
consulting services. For more information on any of RSA's encryption 
technologies, please call RSA directly at 415/595-8782 or send 
electronic mail to sales@rsa.com. RSA also provides information on 
its Web site at http://www.rsa.com. 



****************************************************************
Kurt R. Stammberger
Director, Technology Marketing
RSA Data Security, Inc. (A Security Dynamics Company)
415-595-8782 vox           415-595-1873 fax
kurt@rsa.com               www.rsa.com