FW: [HARDWARE] Mac Questions -

Oliver Otte rc5list at seo.de
Tue Mar 12 18:18:09 EST 2002


Original post of Trei Peter (that didn't make it to the list) (being a reply to John)

>> I think that you're forgetting history - specifically the reason that I
>> persuaded RSA to set up and fund the symmetric key contests
>> (before I start working here, I might add).
>>
>> Back in the mid 90's, you could not export software from the
>> US incorporating symmetric cryptography with keys longer than
>> 40 bits, and even that took weeks or months of NSA review under
>> the ITAR (International Traffic in Arms) regulations. Companies
>> also disliked having to stock both exportable (with weak crypto)
>> and domestic (with strong crypto) versions of products - they
>> tended to just write an exportable version and sell that both
>> domestically and abroad.
>>
>> People who understood crypto weren't very happy with this, but
>> no one had actually shown that 40-bit crypto was weak in an
>> inarguable way. Finally, in 1995 Hall Finney published a challenge
>> on the cypherpunks mailing list. Within a few months 40 bit
>> crypto was successfully brute forced by several teams. Needless
>> to say, this killed the market for 40 bit crypto.
>>
>> Soon after that, the USG proposed letting crypto of up to 56
>> bits strength be exported. To anyone familiar with the field,
>> this, too, was clearly inadequate. I proposed 'Killing Single DES',
>> in the fall of '96. RSA agreed to set up, fund, and administer
>> the 'Symmetric Key Challenges'. To provide a measure of the
>> releative strength of different key lengths, in addition to the DES
>> contests, RSA set up a series of challenges using RC5, which
>> has an adjustable strength.
>>
>> The Challenges were an unmitigated success. Within months,
>> DES had been brute forced repeatedly (most noteably in 23 hours
>> by a combined EFF(Deep Crack) and dnet team), and it was
>> dead as a serious cipher. Export liberalization soon followed.
>>
>> The challenges and their prizes were never withdrawn, and
>> dnet started on RC5-64 as soon as they had finished the
>> previous contest. A couple years ago, I suspect the prizes were
>> a significant chunk of cash for dnet (which won them regularly).
>> That may no longer be the case. Also, when the 64 bit contest
>> started fighting crypto export regulations was a lot more
>> important than it is now.
>>
>> So that's why the challenges are there. Far from 'giving RSA
>> 10-25M$', RSA has shelled out tens of thousands of dollars
>> on the contests. In return, all RSA has received is a little
>> publicity (and none since early 2000). On the other hand, every
>> user of the Internet has benefited from being able to obtain and use
>> strong cryptography. John: 'global society' has benefited mightily
>> from the RSA key cracking contests.
>>
>> OTOH, I'd be very suprised if anyone attacks keys > 64 bits in
>> the foreseeable future.
>>
>> Peter Trei
>> Cryptoengineer
>> ptrei at rsasecurity.com
>>
>> Disclaimer: The above is my personal opinion only, so don't
>> try to pin it on anyone else!
--
To unsubscribe, send 'unsubscribe hardware' to majordomo at lists.distributed.net



More information about the Hardware mailing list