[RC5] Branching, Deep Crack, hardware RC5, & projects

Chris Riley chris_riley at coral.net
Wed Jul 29 10:06:15 EDT 1998


Had a couple of comments on the following and a few un-related statements
that have appeared here in the past few days:

>> Also, since the Deep Crack machine(s) use a branching
>>algorithm to search more intelligently than us, that increases the chance
>>that the key will be found in the first 33-50% of the keys checked, which
>>is where we are most likely to be beaten.

>Interesting, anyone care to explain this branching algorithm in laymans
>terms? Is it something we could use?

I had been checking out the Cracking DES book last weekend and early this
week and couldn't find anything about a non-brute force technique.  The
only thing that comes close to a branch is how they eliminated false
positives, which from the description I've seen here sounds similar to the
way the d.net software does it.

>From my understanding I do not believe that they used a more intelligent
algorithm -- if so it would be a big blow to DES and, depending upon the
algorithm, could have many applications in other areas.

>Hardware for cracking other algorithms

The Cracking DES book seems to state that although this *exact* design
could not work for RC5 similar techniques, in similar prices ranges could
be used (I believe it would take more silicon to implement and be somewhat
slower since it is a different algorithm).  Thought that was interesting.

>The effect of d.net on crypto-policy

One question, could d.net be having a negative effect on the perceived
security of RC5-64?  And if not actually having such and effect, how often
will it be twisted to sound like it is?   For example, in the EFF book the
FBI and NSA are quoted as using d.net's results on RC5-56 to show that it
is just too hard for them to even crack 56 bits - "But that idea [brute
force cracking] is simply unworkable, because this kind of brute force
decryption takes too long to be useful to protect the public safety.  For
example, decrypting a single message that had been encrypted with a 56-bit
key took 14,000 Pentium-level computers over four months;  obviously, these
kinds of resources are not available tot he FBI..." (see 1-2, 1-3 etc and
http://www.computerprivacy.org/archive/03171998-4.shtml -- for the entire

Now, they are saying that since d.net had so many general purpose, 'high
speed,' machines that the can't match it, ignoring the fact of machines
like the EFF machine, the number of machines some companies have etc.  No
imagine we crack RC5-64 in 7 years they'll say -- it took XX,000 Pentium II
class machines 7 years to crack RC5-64, so look how strong it is.

I'm not suggesting to abandon d.net, but at least talk about the
ramifications of spending X years on the project -- on the plus side doing
it: keeps to group together until v3, gives groups like EFF someone to aim
at, for the technically minded shows the flaws since they are aware of the
issues.  However it *will be* twisted for other people's purposes when 64
is cracked, how should d.net react?  What steps can d.net take to help
minimize the opportunity to have the results used this way?  Comments?

Have a good day,

(aka elves at santaclaus.com)

p.s. EFF says that if/when the entire text of the book is available online
(outside the US of course) there will be links here, there are none as of
today (see 4-3 in the book):

The closest working link is :

To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list