From: 3umoelle@informatik.uni-hamburg.de (Ulf =?ISO-8859-1?Q?M=F6ller?=)
Date: Thu, 15 May 1997 07:33:56 +0800
To: cypherpunks@algebra.com
Subject: DES challenge news (fwd)
Message-ID: <m0wRmD5-0003b9C@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain


Distributed key cracking efforts have been discussed in detail on
cypherpunks and coderpunks for quite some time.  A Swedish group
trying to solve RSADSI's DES challenge chose to ignore the results.
Here is what they got (from RISKS 19.14):

>Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
>From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>
>Subject: DES challenge news

You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key.  The reason
given was client integrity.

Well, a month after this, the promised source code release has not happened.
Instead, it appears that somebody disassembled part of the client, made a
version that reported fake "done" blocks, and then sent these to the
servers.

Moral?  Don't ever think that nobody can read compiled code.  Don't try to
run a cooperative effort like this in a closed development model.

Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.

------------------------------