
Re: [OFF-TOPIC] RCA key cracking contest



> The goal of cracking this key is to test the government endorsed
> encryption standard called DES.  The data received from this contest
> will assist researchers and developers in new encryption techniques.
> ftp://portal.stwing.upenn.edu/pub/rc5

Please note that RC5 and DES are not the same algorithm.

Your message gives a pointer to RC5 cracking software. People are also
preparing to crack DES. Both of these efforts are going to require a
lot of CPU power. By dividing the CPU power between RC5 and DES, both
efforts will take a lot longer.

My advice is to work on RC5 for now, but when the DES software becomes
available, put RC5 on hold and go after DES. DES is a far more
interesting target because it is so widely used. Also, because of the
design of DES's key schedule, it can be cracked in a fraction of the
time (one fifth to one seventh).

The main goal of breaking a 56-bit RC5 or DES key is not really
research/development. The main goal is to raise public awareness about
cryptography, and to discredit the US government's current position on
cryptography.

Currently, software companies can't export strong cryptography without
obtaining a licence. The government refuses to give export licences for
anything but weak 40-bit cryptography. Because it is not cost-effective
to maintain two versions (domestic and exportable) of the same
software, most companies only produce 40-bit software. Anyone who does
produce strong cryptography, even if they don't export it, lives in
fear of government harassment and legal action should any of the
end-users send the software out of the country. Just ask Phil
Zimmermann, author of PGP, about government harassment.

The government has recently allowed some companies to export 56-bit
cryptography for up to two years. But, there is a price: the companies
have to promise that they will start producing cryptography with
backdoors that the government can spy through. This offer is appealing
to many companies who can currently only export 40-bit software,
because 40-bit keys have been cracked while 56-bit keys never have been
(at least not publicly). Several companies have already agreed to work
on creating backdoors, so that they can sell 56-bit crypto for the next
couple of years.

The bottom line is that the government wants to spy on everyone's
communications, and they're pressuring US companies into helping the
government eavesdropping efforts. The efforts to crack a 56-bit key will
make the two-year 56-bit deal less appealing to US companies, but only
if the key is cracked in a timely fashion. Since the DES break will
take a fraction of the time, we should give it priority.

If we can convince companies that the government deal is a bad one, and
convince them to fight the export restrictions, then PGP/ssh/etc could
be included on the main Debian mirrors and we could put an end to the
regular "Where can I get PGP?" questions. :)


