From: Tim May <tcmay@got.net>
Date: Wed, 25 Jun 1997 02:40:59 +0800
To: cypherpunks@cyberpass.net
Subject: Making _Real_ Money off a DES Break
In-Reply-To: <3.0.2.32.19970624162104.007bb990@middx.x.co.uk>
Message-ID: <v03102803afd5c15420c6@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain



At 10:54 AM -0700 6/24/97, Adam Back wrote:
>Re comments that I should re-read the paper, here is what Wiener's
>paper says about estimated costs of a specialized DES key breaker:
>
> $100,000 for a machine to break DES in an average of  35 hrs
> $1 mil   for a machine to break DES in an average of 3.5 hrs
> $10 mil  for a machine to break DES in an average of  21 mins
...
>35 hours sounds a reasonable amount of time to break a Swift banking
>transfer key protecting trillions of dollars of funds.
>

Show me the money! A DES break that resulted in a loss of several tens of
millions of dollars, suitably publicized, would be both educational and
rewarding.

We often talk about the "threat model." But what's the _profit model_ for
breaking DES?

Can money be made by breaking a SWIFT transfer in approx. 35 hours?

(Personally, I doubt it. Between increasing use of 3DES and "time windows"
which are probably much shorter than tens of hours, I doubt a Wiener
machine would be of much use to a hacker.)

Of course, the payoffs could be huge. If the banking system is really
vulnerable to this sort of attack, then why has some private group not
financed the building of a Wiener machine? (I know many people who could
pay for such a machine out of "spare cash," if the profits/risks were
there; I'm not saying *I* would, of course, only that the amounts are not
so high. The cheapest of the listed machines above is comparable in price
to a Jaguar XK8.)

Is anyone publishing on this? Are the details of the SWIFT and similar
interbank transfer systems available anywhere?

(What kind of out-of-band checksums may exist? What kind of callback
systems? What window of opportunity exists if a single DES key is found? Is
it useful?)

--Tim May




There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."