[RC5] Branching, Deep Crack, hardware RC5, & projects

David Paetz depaetz at mgl.ca
Thu Jul 30 21:54:16 EDT 1998


On Wed, 29 Jul 1998 09:06:15 -0400, Chris Riley wrote:

>One question, could d.net be having a negative effect on the perceived
>security of RC5-64?  And if not actually having such and effect, how often
>will it be twisted to sound like it is?   For example, in the EFF book the
>FBI and NSA are quoted as using d.net's results on RC5-56 to show that it
>is just too hard for them to even crack 56 bits - "But that idea [brute
>force cracking] is simply unworkable, because this kind of brute force
>decryption takes too long to be useful to protect the public safety.  For
>example, decrypting a single message that had been encrypted with a 56-bit
>key took 14,000 Pentium-level computers over four months;  obviously, these
>kinds of resources are not available tot he FBI..." (see 1-2, 1-3 etc and
>http://www.computerprivacy.org/archive/03171998-4.shtml -- for the entire
>text.)

I can see what you are saying here, and I have seen this reaction from a couple friends 
of mine.  I think for d.net to properly display the picture that the number of machines 
working on the effort should be classed by the CPU type, or relative computing power.

Excuse any ignorance, as I am not even remotely familiar with the inner workings of the 
client... but it might be an idea (and I don't even know if this is possible) for the clients 
to record the actual amount of CPU time that the client used for the given block (not 
how long the client was running to do that block, but the total time the client was active 
on the CPU to complete that block), and the CPU type, and have this information 
submitted for each block that was "checked in".

I think with more detailed recording, then the picture could be painted better.  It might 
be an idea to have more comprehensive benchmarks for the different CPU types and 
then averages developed (removing the outlyers of course) for each type/category of 
CPU.  With the definition of a "reference system", the benchmark averages could be 
used to define the relative speed, and then have the cracking time expressed say as a 
figure in MHz-hrs or something.

This would let d.net express the cracking time results in more favourable formats, 
which would help to prevent people from overly generalizing and saying that it to X x 
1000 Gigabuster 2 years to crack it...  seeing that I think there are a considerable 
number of machines working on d.net that are probably not even at todays entry level 
system (I know in my case, 4 of the 5 machines I have working are 486-100s).

Just an idea, no flames please :)




David
EMAIL: depaetz at mgl.ca



David
EMAIL: depaetz at mgl.ca

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list