DESCHALL, short for DES Challenge, was the first group to publicly break a message which used the
Data Encryption Standard
The Data Encryption Standard (DES ) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cry ...
(DES), becoming the $10,000 winner of the first of the set of
DES Challenges
The DES Challenges were a series of brute force attack contests created by RSA Security to highlight the lack of security provided by the Data Encryption Standard.
The Contests
The first challenge began in 1997 and was solved in 96 days by the D ...
proposed by
RSA Security
RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, ...
in 1997. It was established by a group of computer scientists led by
Rocke Verser assisted by
Justin Dolske and
Matt Curtin
Matt Curtin (born 1973) is a computer scientist and entrepreneur in Columbus, Ohio best known for his work in cryptography and firewall systems. He is the founder of Interhack Corporation, first faculty advisor of Open Source Club at The Ohio ...
and involved thousands of volunteers who ran software in the background on their own machines, connected by the
Internet
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
. They announced their success on June 18, only 96 days after the challenge was announced on January 28.
Background
To search the 72
quadrillion
Two naming scales for large numbers have been used in English and other European languages since the early modern era: the long and short scales. Most English variants use the short scale today, but the long scale remains dominant in many non-Eng ...
possible keys of a 56-bit DES key using conventional computers was considered impractical even in the 1990s. Rocke Verser already had an efficient algorithm that ran on a standard PC and had the idea of involving the spare time on hundreds of other such machines that were connected to the internet. So they set up a
server
Server may refer to:
Computing
*Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients
Role
* Waiting staff, those who work at a restaurant or a bar attending customers and su ...
on a 486-based
PS/2
The Personal System/2 or PS/2 is IBM's second generation of personal computers. Released in 1987, it officially replaced the IBM PC, XT, AT, and PC Convertible in IBM's lineup. Many of the PS/2's innovations, such as the 16550 UART (serial po ...
PC with 56MB of memory and announced the project via
Usenet
Usenet () is a worldwide distributed discussion system available on computers. It was developed from the general-purpose Unix-to-Unix Copy (UUCP) dial-up network architecture. Tom Truscott and Jim Ellis conceived the idea in 1979, and it was ...
towards the end of March. Client software was rapidly written for a large variety of home machines and eventually some more powerful 64 bit systems.
There were two other main contenders: SoINET (a Swedish group), and a group at
Silicon Graphics
Silicon Graphics, Inc. (stylized as SiliconGraphics before 1999, later rebranded SGI, historically known as Silicon Graphics Computer Systems or SGCS) was an American high-performance computing manufacturer, producing computer hardware and soft ...
, a manufacturer of
high-performance computers, which was in the lead until late in the day. Other groups using
supercomputer
A supercomputer is a computer with a high level of performance as compared to a general-purpose computer. The performance of a supercomputer is commonly measured in floating-point operations per second ( FLOPS) instead of million instructions ...
s withdrew after
SYN flood
A SYN flood is a form of denial-of-service attack in which an attacker rapidly initiates a connection to a server without finalizing the connection. The server has to spend resources waiting for half-opened connections, which can consume enough ...
attacks on their networks.
The Project
With the software that was used, a single 200 MHz Pentium system was able to test approximately 1 million keys/second if it was doing nothing else. At this rate it would take around 2,285 years to search the entire key-space. The number of computers being used rose rapidly and in the end, a total of 78,000 different
IP address
An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
es had been recorded, with a maximum of 14,000 unique hosts in a 24-hour period. By the time the key was found, they had searched about a quarter of the key-space and were searching about 7 billion keys per second, but the number of participants was still increasing rapidly.
The solution was:
Strong cryptography makes the world a safer place.
The owner of the computer that found the solution was awarded $4,000 of the prize, with the rest going to the originator of the project.
The conclusion of the paper describing the project was "We have demonstrated that a brute-force search of DES keyspace is not only possible, but is also becoming practical for even modestly funded groups. RSA's prize for the find was US$10,000; it is safe to say that DES is inadequate for protecting data of any greater value."
A Brute Force Search of DES Keyspace
/ref>
See also
*'' Brute Force: Cracking the Data Encryption Standard''
*distributed.net
Distributed.net is a volunteer computing effort that is attempting to solve large scale problems using otherwise idle CPU or GPU time. It is governed by Distributed Computing Technologies, Incorporated (DCTI), a non-profit organization under U. ...
*RSA Factoring Challenge
The RSA Factoring Challenge was a challenge put forward by RSA Laboratories on March 18, 1991 to encourage research into computational number theory and the practical difficulty of factoring large integers and cracking RSA keys used in cryptograp ...
*RSA Secret-Key Challenge
The RSA Secret-Key Challenge was a series of cryptographic contests organised by RSA Laboratories with the intent of helping to demonstrate the relative security of different encryption algorithms. The challenge ran from 28 January 1997 until May ...
Footnotes
References
*
External links
Archive of project material
{{Webarchive, url=https://web.archive.org/web/20100325222525/http://www.interhack.net/projects/deschall/ , date=2010-03-25
Cryptography contests
Data Encryption Standard