[RC5] Cracking 40 bits in realtime

Greg Wooledge wooledge at kellnet.com
Tue Jan 6 21:38:53 EST 1998


gindrup at okway.okstate.edu (gindrup at okway.okstate.edu) wrote:

>      Fine.  Only return a hash of the decrypted message.  This is 
>      thoroughly discussed in the theory of zero-knowledge proofs.  We can 
>      prove that we know the decrypted message while giving away none of its 
>      contents.  Schneier covers this in the "Advanced Protocols" section of 
>      Applied Cryptography.

This will hide the plaintext from the submitter, but the person who
actually cracked the message will still have the key, assuming that the
proposed 40-bit decryption project works like the Bovine project in terms
of logging.  That person could use the key to produce the plaintext,
even if (s)he has to do it by hand.  Or that person could publish the
key, allowing others to produce and read the plaintext.  Or that person
could publish the plaintext....

Now, I know all of you reading this are nice, moral, ethical people
who'd never use the plaintext for the wrong reasons....[1]  But *They*
don't know that.  And *They* will not trust you to keep the key a secret.

So... I'm not trying to be a spoilsport here, but if arbitrary people are
allowed to use the distributed.net computing power to crack encrypted
messages -- no matter how carefully d.net tries to keep the plaintext
secret -- there will be people out there who will see us as a threat.
If those people are powerful enough and concerned enough, they may try
to shut us down.  This is a worst-case scenario, of course, but I can't
sit by and silently pretend it's impossible.  Eric, you're obviously
someone with experience in the corporate world; you *know* how non-techies
"think".  You're using cc:Mail; that's example enough.

Arguing with me is fine; I don't mind it.  I like to play devil's
advocate, and that's clearly what I'm doing here.  Bear in mind, though:
you don't have to convice me that the idea is nonthreatening; you have
to convince *Them*.

-- 
# Greg Wooledge                         # "Daddy, why do those people have to
# wooledge at kellnet.com                  #   use Microsoft Windows?"
# http://kellnet.com/wooledge/main.html # "Don't stare, son; it's not polite."
#        --  Crack RC5-64 now! http://www.distributed.net/rc5/  --

[1]"Is that a tongue in your cheek, or are you just happy to see me?"
--
To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list