In
cryptographyCryptography is the practice and study of techniques for secure communication in the presence of third parties...
, the
EFF DES cracker (nicknamed "
Deep Crack") is a machine built by the
Electronic Frontier FoundationThe Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
(EFF) in 1998 to perform a
brute forceIn cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
search of
DESThe Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
cipher's key space — that is, to decrypt an encrypted message by trying every possible key. The aim in doing this was to prove that DES's key is not long enough to be secure.
Background
DES uses a 56-bit
keyIn cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
, meaning that there are 2
56 possible keys under which a message can be encrypted. This is exactly 72,057,594,037,927,936, or approximately 72 quadrillion (using the Short Scale), possible keys. When DES was approved as a federal standard in 1976, a machine fast enough to test that many keys in a reasonable amount of time would have cost an unreasonable amount of money to build.
DES decryption on Deep Crack takes on average 4.5 days.
The DES challenges
Since DES was a federal standard, the US government encouraged the use of DES for all non-classified data.
RSA SecurityRSA, the security division of EMC Corporation, is headquartered in Bedford, Massachusetts, United States, and maintains offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan....
wished to demonstrate that DES's key length was not enough to ensure security, so they set up the
DES ChallengesThe DES Challenges were a series of brute force attack contests created by RSA Security for the purpose of highlighting the lack of security provided by the Data Encryption Standard.-The Contests:...
in 1997, offering a monetary prize. The first DES Challenge was solved in 96 days by the
DESCHALL ProjectDESCHALL, short for DES Challenge, was the first group to publicly break a message which used the Data Encryption Standard , becoming the $10,000 winner of the first of the set of DES Challenges proposed by RSA Security in 1997...
led by Rocke Verser in
Loveland, ColoradoLoveland is a Home Rule Municipality that is the second most populous city in Larimer County, Colorado, United States. Loveland is situated north of the Colorado State Capitol in Denver. Loveland is the 14th most populous city in Colorado. The United States Census Bureau that in 2010 the...
. RSA Security set up DES Challenge II-1, which was solved by
distributed.netdistributed.net is a worldwide distributed computing effort that is attempting to solve large scale problems using otherwise idle CPU or GPU time. It is officially recognized as a non-profit organization under U.S...
in 41 days in January and February 1998.
In 1998, the EFF built Deep Crack for less than $250,000. In response to DES Challenge II-2, on July 17, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000. This was the final blow to DES, against which there were already some published cryptanalytic attacks. The brute force attack showed that cracking DES was actually a very practical proposition. For well-endowed governments or corporations, building a machine like Deep Crack would be no problem.
Six months later, in response to RSA Security's DES Challenge III, and in collaboration with
distributed.netdistributed.net is a worldwide distributed computing effort that is attempting to solve large scale problems using otherwise idle CPU or GPU time. It is officially recognized as a non-profit organization under U.S...
, the EFF used Deep Crack to decrypt another DES-encrypted message, winning another $10,000. This time, the operation took less than a day — 22 hours and 15 minutes. The decryption was completed on January 19, 1999. In October of that year, DES was reaffirmed as a federal standard, but this time the standard recommended
Triple DESIn cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
.
The small key-space of DES, and relatively high computational costs of triple DES resulted in its replacement by
AESAdvanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
as a Federal standard, effective May 26, 2002.
Technology
Deep Crack was designed by
Cryptography Research, Inc.Cryptography Research, Inc.. is a San Francisco based cryptography company specializing in applied cryptographic engineering, including technologies for building tamper-resistant semiconductors. It was purchased on June 6, 2011 by Rambus for more than $250M in cash and stock. The company licenses...
, Advanced Wireless Technologies and the
EFFThe Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
. The principal designer was
Paul KocherPaul Carl Kocher is an American cryptographer and cryptography consultant, currently the president and chief scientist of Cryptography Research, Inc....
, president of
Cryptography ResearchCryptography Research, Inc.. is a San Francisco based cryptography company specializing in applied cryptographic engineering, including technologies for building tamper-resistant semiconductors. It was purchased on June 6, 2011 by Rambus for more than $250M in cash and stock. The company licenses...
. Advanced Wireless Technologies built 1856 custom
ASICASIC may refer to:* Application-specific integrated circuit, an integrated circuit developed for a particular use, as opposed to a customised general-purpose device.* ASIC programming language, a dialect of BASIC...
DES chips (called
Deep Crack or
AWT-4500), housed on 29 circuit boards of 64 chips each. The boards were then fitted in six cabinets and mounted in a
Sun-4/470Sun-4 is a series of Unix workstations and servers produced by Sun Microsystems, launched in 1987. The original Sun-4 series were VMEbus-based systems similar to the earlier Sun-3 series, but employing microprocessors based on Sun's own SPARC V7 RISC architecture in place of the 68k family...
chassis. The search was coordinated by a single PC which assigned ranges of keys to the chips. The entire machine was capable of testing over 90 billion keys per second. It would take about 9 days to test every possible key at that rate. On average, the correct key would be found in half that time.
In 2006, another
custom hardware attackIn cryptography, a custom hardware attack uses specifically designed application-specific integrated circuits to decipher encrypted messages....
machine was designed based on FPGAs. COPACOBANA (COst-optimized PArallel COdeBreaker) shows a similar performance as Deep Crack at considerably lower cost. This advantage is mainly due to progress in IC technology.
External links