[RC5] Re: rc5-digest V1 #287

John R T Brazier jbrazier at proproco.co.uk
Tue Jun 1 22:35:22 EDT 1999

>> For me, whilst I appreciate the feelings of other contributors, this
>> d.net project may have a crucial effect on civil liberties in the
>> future, by providing evidence for those interested in privacy and
>> personal protection. The recent Wassenaar Agreement

> I can't see why, we knew before we started how much time it would
> take to break, depending on how much CPU power was available.

'How much CPU power was available' is the point: if everyone wanders off to CETI then there won't be any ...

>> cypher). The NSA (godfathers of the agreement's text) would have
>> everyone believe that 64 bits is 'uncrackable', and at the minute they
>> are technically correct.

> No, they just say it's difficult, and I think we're proving them
> right.

In general, the establishment has always tried to foster the idea that current technology 'is safe enough'. In fact, last year the US LEAs were still trying to convince people DES was safe: when it quite clearly was not. Under such conditions, the more arguments that can be mustered, the better. Right now, no-one can claim to have broken RC-64 under 'real' conditions (to my knowledge).

>> Of course, 64 bits is breakable, and the efforts through d.net will
>> prove it. Even if it takes us 10 years, it proves the point. When you
>> consider that the NSA, with dedicated hardware and algorithms, is
>> probably at least 1000 times more efficient than d.net (see below),

> Everything here is pure math, there's no need to guess about anything.
> EFF (?) has already made such a machine, and it's almost as fast as
> d.net combined. With two such machines, it would be twice as fast.
> Us cracking RC64 doesn't change that either way.

The point is surely that the NSA probably has dedicated machines that can crack RC5-64, and probably higher. But as they won't show us, we have to try to get estimates of what they might have. D.net provides us a base from which we can produce estimates, but until we get a break the estimates can always be challenged. 

For example, EFF's DES machine is parallelized: the more units you bolt on, the faster it gets. EFF spent $210,000 to get a machine that breaks Des in 4.5 days on average. The NSA might spend $10,000,000: their machine (according to EFF's figures and taking no economies of scale, but assuming same design) would break a DES key in about 15 hours. Thus EFF's project lets us get a window on the NSA's capabilities - although we still have to make assumptions. I'm hoping that d.net will also give us pointers.

>> than d.net. They may be very much more efficient when we start
>> considering d.net's overheads in terms of management and
>> communications. By the way, these are finger in the air estimates!

> Definitely. I don't know any numbers myself, though, so I won't
> start guessing.

That's half the fun!


John B
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list