DESCHALL, short for DES Challenge, was the first group to publicly break a message which used the
Data Encryption StandardThe Data Encryption Standard is a block cipher that was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm...
(DES), becoming the $10,000 winner of the first of the set of
DES ChallengesThe DES Challenges were a series of brute force attack contests created by RSA Security for the purpose of highlighting the lack of security provided by the Data Encryption Standard.-The Contests:...
proposed by
RSA SecurityRSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
in 1997. It was established by a group of computer scientists led by Rocke Verser assisted by Justin Dolske and
Matt CurtinMatt Curtin is a computer scientist and entrepreneur in Columbus, Ohio best known for his work in cryptography and firewall systems. He is the founder of Interhack Corporation and lecturer in the Department of Computer Science and Engineering at The Ohio State University, where he teaches a...
and involved thousands of volunteers who ran software in the background on their own machines, connected by the
InternetThe Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite to serve billions of users worldwide...
.
DESCHALL, short for DES Challenge, was the first group to publicly break a message which used the
Data Encryption StandardThe Data Encryption Standard is a block cipher that was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm...
(DES), becoming the $10,000 winner of the first of the set of
DES ChallengesThe DES Challenges were a series of brute force attack contests created by RSA Security for the purpose of highlighting the lack of security provided by the Data Encryption Standard.-The Contests:...
proposed by
RSA SecurityRSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
in 1997. It was established by a group of computer scientists led by Rocke Verser assisted by Justin Dolske and
Matt CurtinMatt Curtin is a computer scientist and entrepreneur in Columbus, Ohio best known for his work in cryptography and firewall systems. He is the founder of Interhack Corporation and lecturer in the Department of Computer Science and Engineering at The Ohio State University, where he teaches a...
and involved thousands of volunteers who ran software in the background on their own machines, connected by the
InternetThe Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite to serve billions of users worldwide...
. They announced their success on June 18, only 96 days after the challenge was announced on Jan 28.
Background
To search the 72 quadrillion possible keys of a 56-bit DES key using conventional computers was considered impractical even in the 1990s. Rocke Verser already had an efficient algorithm that ran on a standard PC and had the idea of involving the spare time on hundreds of other such machines that were connected to the internet. So they set up a
serverCommunications servers are open, standards-based computing systems that operate as a carrier-grade common platform for a wide range of communications applications and allow equipment providers to add value at many levels of the system architecture....
on a 486-based
PS/2The Personal System/2 or PS/2 was IBM's third generation of personal computers. The PS/2 line, released to the public in 1987, was created by IBM in an attempt to recapture control of the PC market by introducing an advanced proprietary architecture...
PC with 56MB of memory and announced the project via
UsenetUsenet, a portmanteau of "user" and "network" , is a worldwide distributed Internet discussion system. It evolved from the general purpose UUCP architecture of the same name....
towards the end of March. Client software was rapidly written for a large variety of home machines and eventually some more powerful 64 bit systems.
There were two other main contenders: SoINET (a Swedish group), and a group at
Silicon GraphicsSilicon Graphics, Inc. was a manufacturer of high-performance computing solutions, including computer hardware and software, founded in 1981 by Jim Clark and Abbey Silverstone...
, a manufacturer of
high-performance computersHigh-performance computing uses supercomputers and computer clusters to solve advanced computation problems. Today, computer systems approaching the teraflops-region are counted as HPC-computers.-Overview:...
, which was in the lead until late in the day. Other groups using
supercomputerA supercomputer is a computer that is at the frontline of current processing capacity, particularly speed of calculation. Supercomputers were introduced in the 1960s and were designed primarily by Seymour Cray at Control Data Corporation , and led the market into the 1970s until Cray left to form...
s withdrew after
SYN floodA SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system.When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:#The client...
attacks on their networks.
The Project
With the software that was used, a single 200 MHz Pentium system was able to test approximately 1 million keys/second if it was doing nothing else. At this rate it would take around 2,285 years to search the entire key-space. The number of computers being used rose rapidly and in the end, a total of 78,000 different
IP addressAn Internet Protocol address is a numerical label that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its nodes....
es had been recorded, with a maximum of 14,000 unique hosts in a 24 hour period. By the time the key was found, they had searched about a quarter of the key-space and were searching about 7 billion keys per second, but the number of participants was still increasing rapidly.
The owner of the computer that found the solution was awarded $4,000 of the prize, with the rest going to the originator of the project.
The conclusion of the paper describing the project was "We have demonstrated that a brute-force search of DES keyspace is not only possible, but is also becoming practical for even modestly funded groups. RSA's prize for the find was US$10,000; it is safe to say that DES is inadequate for protecting data of any greater value."
External links