The Electronic Frontier Foundation (EFF) raised the level of honesty in crypto politics by revealing that the Data Encryption Standard (DES) is insecure. The U.S. government has long pressed industry to limit encryption to DES (and even weaker forms), without revealing how easy it is to crack. Continued adherence to this policy would put critical infrastructures at risk; society should choose a different course.
To prove the insecurity of DES, EFF built the first unclassified hardware for cracking messages encoded with it. On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers. The research results are fully documented in a book published this week by EFF and O'Reilly and Associates, entitled "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design."
» Read the rest of the press release here
Six months later, on Tuesday, January 19, 1999, Distributed.Net, a worldwide coalition of computer enthusiasts, worked with EFF's DES Cracker and a worldwide network of nearly 100,000 PCs on the Internet, to win RSA Data Security's DES Challenge III in a record-breaking 22 hours and 15 minutes. The worldwide computing team deciphered a secret message encrypted with the United States government's Data Encryption Standard (DES) algorithm using commonly available technology. From the floor of the RSA Data Security Conference & Expo, a major data security and cryptography conference being held in San Jose, Calif., EFF's DES Cracker and the Distributed.Net computers were testing 245 billion keys per second when the key was found.
» Read the rest of the press release here
EFF's Cracking DES book (click to order)
Due to deep-seated Cold War fears, encryption is highly regulated by the U.S. Departments of State and Commerce, which refuse to license any secure encryption product for export unless it utilizes "key recovery", a law enforcement code word for the ability of third-parties (not originally intended to receive the message) to easily decrypt information. The results have been debilitating for the software industry and for networked communications. Since computer networks like the Internet are international in scope, strong encryption cannot be widely deployed in new software products to secure passwords and privatize messages, leaving them virtually unprotected from those who would gain unauthorized access or make unauthorized copies. Export controls have also greatly hampered groundbreaking work in the field of cryptography, hindering the development of the security that an ever-more global information infrastructure urgently demands. When undue regulation burdens and even prevents worldwide discourse concerning cryptography, new encryption methods cannot be tested adequately, workable international encryption standards cannot be developed, and cryptographers -- unable to publish or obtain essential peer review without fear of prosecution -- cannot be persuaded to enter the field of cryptography at all.
The US government DOES allow the export of weak encryption software without key recovery, but EFF has long maintained that these products are too insecure to be trusted.
The Data Encryption Standard (DES) is a published federal encryption standard created to protect unclassified computer data and communications. DES, which uses 56-bit "keys", has been incorporated into numerous industry and international standards since the Secretary of Commerce first approved DES as a Federal Information Processing Standard during the height of the Cold War in the late 1970s. Like other weak cryptosystems, DES and other encryption systems are exportable without key recovery, at the weak key lengths of 40 bits or less (the EFF DES Cracker project broke 56-bit DES, far stronger than the paltry 40-bit version that is exportable) while robust encryption, such as the 128-bit IDEA algorithm used by the PGP security product, remains subject to export restrictions (which often translate to domestic restrictions in effect, because software companies are reluctant to go to the expense of producing an export and a domestic version of their products.)
DES is now generally believed to be the most widely used general-purpose cryptosystem in the world. Although the initial selection of the algorithm was controversial since the NSA was involved in its design, DES has unfortunately gained wide acceptance and has been the basis for several industry and international standards.
The U.S. government has increasingly exaggerated both the strength of DES and the time and cost it would take to crack a single DES-encrypted message. The Electronic Frontier Foundation began its investigation into DES cracking in 1997 to determine just how easily and cheaply a hardware-based DES Cracker (i.e., a code-breaking machine to crack the DES code) could be constructed. EFF set out to design and build a DES Cracker to counter the claim made by U.S. government officials that American industry or foreign governments cannot decrypt information when protected by DES or weaker encryption, or that it would take multimillion-dollar networks or computers months to decrypt one message. Less than one year later and for well under US $250,000, EFF's DES Cracker entered and won the RSA DES Challenge II-2 competition in less than 3 days, proving that DES is not secure and that such a machine is inexpensive to design and build.
|DES Cracker "Deep Crack" custom microchip||DES Cracker circuit board fitted with Deep Crack chips||EFF's Cracking DES book (click to order)|
We believe that this material is legally published at each of these sites. A formal opinion from the US Commerce Department makes it clear that publishing links to these sites is "not an export that is subject to the Export Administration Regulations (EAR)".
When contemplating the source code, please refer to the Errata published on the last page of Section 8. There is a small but important error reported there.