DESCHALL Project
Encyclopedia
DESCHALL, short for DES Challenge, was the first group to publicly break a message which used the Data Encryption Standard
(DES), becoming the $10,000 winner of the first of the set of DES Challenges
proposed by RSA Security
in 1997. It was established by a group of computer scientists led by Rocke Verser assisted by Justin Dolske and Matt Curtin
and involved thousands of volunteers who ran software in the background on their own machines, connected by the Internet
. They announced their success on June 18, only 96 days after the challenge was announced on January 28.
on a 486-based PS/2
PC with 56MB of memory and announced the project via Usenet
towards the end of March. Client software was rapidly written for a large variety of home machines and eventually some more powerful 64 bit systems.
There were two other main contenders: SoINET (a Swedish group), and a group at Silicon Graphics
, a manufacturer of high-performance computers
, which was in the lead until late in the day. Other groups using supercomputer
s withdrew after SYN flood
attacks on their networks.
es had been recorded, with a maximum of 14,000 unique hosts in a 24 hour period. By the time the key was found, they had searched about a quarter of the key-space and were searching about 7 billion keys per second, but the number of participants was still increasing rapidly.
The owner of the computer that found the solution was awarded $4,000 of the prize, with the rest going to the originator of the project.
The conclusion of the paper describing the project was "We have demonstrated that a brute-force search of DES keyspace is not only possible, but is also becoming practical for even modestly funded groups. RSA's prize for the find was US$10,000; it is safe to say that DES is inadequate for protecting data of any greater value."
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
(DES), becoming the $10,000 winner of the first of the set of DES Challenges
DES Challenges
The DES Challenges were a series of brute force attack contests created by RSA Security for the purpose of highlighting the lack of security provided by the Data Encryption Standard.-The Contests:...
proposed by RSA Security
RSA Security
RSA, the security division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
in 1997. It was established by a group of computer scientists led by Rocke Verser assisted by Justin Dolske and Matt Curtin
Matt Curtin
Matt Curtin is a computer scientist and entrepreneur in Columbus, Ohio best known for his work in cryptography and firewall systems. He is the founder of Interhack Corporation, first faculty advisor of , and lecturer in the Department of Computer Science and Engineering at The Ohio State...
and involved thousands of volunteers who ran software in the background on their own machines, connected by the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
. They announced their success on June 18, only 96 days after the challenge was announced on January 28.
Background
To search the 72 quadrillion possible keys of a 56-bit DES key using conventional computers was considered impractical even in the 1990s. Rocke Verser already had an efficient algorithm that ran on a standard PC and had the idea of involving the spare time on hundreds of other such machines that were connected to the internet. So they set up a serverCommunications server
Communications servers are open, standards-based computing systems that operate as a carrier-grade common platform for a wide range of communications applications and allow equipment providers to add value at many levels of the system architecture....
on a 486-based PS/2
IBM Personal System/2
The Personal System/2 or PS/2 was IBM's third generation of personal computers. The PS/2 line, released to the public in 1987, was created by IBM in an attempt to recapture control of the PC market by introducing an advanced proprietary architecture...
PC with 56MB of memory and announced the project via Usenet
Usenet
Usenet is a worldwide distributed Internet discussion system. It developed from the general purpose UUCP architecture of the same name.Duke University graduate students Tom Truscott and Jim Ellis conceived the idea in 1979 and it was established in 1980...
towards the end of March. Client software was rapidly written for a large variety of home machines and eventually some more powerful 64 bit systems.
There were two other main contenders: SoINET (a Swedish group), and a group at Silicon Graphics
Silicon Graphics
Silicon Graphics, Inc. was a manufacturer of high-performance computing solutions, including computer hardware and software, founded in 1981 by Jim Clark...
, a manufacturer of high-performance computers
High-performance computing
High-performance computing uses supercomputers and computer clusters to solve advanced computation problems. Today, computer systems approaching the teraflops-region are counted as HPC-computers.-Overview:...
, which was in the lead until late in the day. Other groups using supercomputer
Supercomputer
A supercomputer is a computer at the frontline of current processing capacity, particularly speed of calculation.Supercomputers are used for highly calculation-intensive tasks such as problems including quantum physics, weather forecasting, climate research, molecular modeling A supercomputer is a...
s withdrew after SYN flood
SYN flood
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.-Technical details:...
attacks on their networks.
The Project
With the software that was used, a single 200 MHz Pentium system was able to test approximately 1 million keys/second if it was doing nothing else. At this rate it would take around 2,285 years to search the entire key-space. The number of computers being used rose rapidly and in the end, a total of 78,000 different IP addressIP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es had been recorded, with a maximum of 14,000 unique hosts in a 24 hour period. By the time the key was found, they had searched about a quarter of the key-space and were searching about 7 billion keys per second, but the number of participants was still increasing rapidly.
The owner of the computer that found the solution was awarded $4,000 of the prize, with the rest going to the originator of the project.
The conclusion of the paper describing the project was "We have demonstrated that a brute-force search of DES keyspace is not only possible, but is also becoming practical for even modestly funded groups. RSA's prize for the find was US$10,000; it is safe to say that DES is inadequate for protecting data of any greater value."