From: Tim May <tcmay@got.net>
To: cypherpunks@cyberpass.net
Message Hash: 0bf8e6e29c01cefb3976cbb7621a9b12d41e94c45cb01380e7d8b56791c713c9
Message ID: <v03102803afd5c15420c6@[207.167.93.63]>
Reply To: <3.0.2.32.19970624162104.007bb990@middx.x.co.uk>
UTC Datetime: 1997-06-24 18:40:59 UTC
Raw Date: Wed, 25 Jun 1997 02:40:59 +0800
From: Tim May <tcmay@got.net>
Date: Wed, 25 Jun 1997 02:40:59 +0800
To: cypherpunks@cyberpass.net
Subject: Making _Real_ Money off a DES Break
In-Reply-To: <3.0.2.32.19970624162104.007bb990@middx.x.co.uk>
Message-ID: <v03102803afd5c15420c6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain
At 10:54 AM -0700 6/24/97, Adam Back wrote:
>Re comments that I should re-read the paper, here is what Wiener's
>paper says about estimated costs of a specialized DES key breaker:
>
> $100,000 for a machine to break DES in an average of 35 hrs
> $1 mil for a machine to break DES in an average of 3.5 hrs
> $10 mil for a machine to break DES in an average of 21 mins
...
>35 hours sounds a reasonable amount of time to break a Swift banking
>transfer key protecting trillions of dollars of funds.
>
Show me the money! A DES break that resulted in a loss of several tens of
millions of dollars, suitably publicized, would be both educational and
rewarding.
We often talk about the "threat model." But what's the _profit model_ for
breaking DES?
Can money be made by breaking a SWIFT transfer in approx. 35 hours?
(Personally, I doubt it. Between increasing use of 3DES and "time windows"
which are probably much shorter than tens of hours, I doubt a Wiener
machine would be of much use to a hacker.)
Of course, the payoffs could be huge. If the banking system is really
vulnerable to this sort of attack, then why has some private group not
financed the building of a Wiener machine? (I know many people who could
pay for such a machine out of "spare cash," if the profits/risks were
there; I'm not saying *I* would, of course, only that the amounts are not
so high. The cheapest of the listed machines above is comparable in price
to a Jaguar XK8.)
Is anyone publishing on this? Are the details of the SWIFT and similar
interbank transfer systems available anywhere?
(What kind of out-of-band checksums may exist? What kind of callback
systems? What window of opportunity exists if a single DES key is found? Is
it useful?)
--Tim May
There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1398269 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Return to June 1997
Return to “Tom Weinstein <tomw@netscape.com>”