[RC5] Re: rc5-digest V1 #287

John R T Brazier jbrazier at proproco.co.uk
Mon May 31 03:06:22 EDT 1999

Dear All,

For me, whilst I appreciate the feelings of other contributors, this d.net project may have a crucial effect on civil liberties in the future, by providing evidence for those interested in privacy and personal protection. The recent Wassenaar Agreement (http://www.fitug.de/news/wa/index.html) has western governments signing up to an effective limitation of crypto to 64 bits (block-type cypher). The NSA (godfathers of the agreement's text) would have everyone believe that 64 bits is 'uncrackable', and at the minute they are technically correct. 

Of course, 64 bits is breakable, and the efforts through d.net will prove it. Even if it takes us 10 years, it proves the point. When you consider that the NSA, with dedicated hardware and algorithms, is probably at least 1000 times more efficient than d.net (see below), then if it takes us 10 years (which is a conservative estimate at our current rate) to crack a 64-bit key it means that the NSA can do it in 3.5 days. In 18 months they'll do it in slightly under two days. Thus d.net is a provable measure of the fallability of cryptographic systems, and is evidence against governments that would like us to use flawed and readable crypto.

So I'll stick with it, even if it's not the sexiest project.


John B

PS: the 1000 to 1 estimate is my extrapolation from 'Cracking DES' by the EFF. I'd estimate a dedicated machine of field programmable gate arrays emulating a custom chip would be around 10 times faster than an equivalent cycle speed general-purpose CPU; it's then estimated that FPGAs are 10 to 100 times slower than a dedicated fabricated chip. We are left with an estimate of 100 to 1000 times faster using a dedicated custom-built (and parallelised) machine rather than a general purpose CPU. Given that the NSA has bags of money to build dedicated machines, and mathematical bods to develop advanced and efficient algorithms, they must be at least 1000 times more efficient than d.net. They may be very much more efficient when we start considering d.net's overheads in terms of management and communications. By the way, these are finger in the air estimates!


-----Original Message-----
From:	owner-rc5 at lists.distributed.net [mailto:owner-rc5 at lists.distributed.net] On Behalf Of Nico Schmoigl
Sent:	Friday, May 28, 1999 8:28 PM
To:	rc5 at lists.distributed.net
Subject:	Re: [RC5] Re: rc5-digest V1 #287


> Well that's it for me. After 30000 blocks and 180 days I'm retiring. I know this
> is small compared to most peoples efforts, but it seems alot to me! I mean, I
> know rc5 runs in the background so you can forget about it, but checking the
> stats page first thing in the morning, wondering how I could increase my keyrate
> and general key cracking anxiety became a way of life for me. When I read emails
> by fresh young crackers excited and enthusiastic about keyrates and all that, my
> heart fills with longing for the time when I felt that buzz. Will they be as
> keen in 180 days? After deciding to give up rc5 I felt a great wait(spelling
> intended) off my shoulders - I mean it is taking rather a long time isn't it?
> Aren't we in danger of proving to governments that 64bit encryption restrictions
> are in fact sufficient? In the words of I'm sure many famous songs, Does anyone
> feel the way I do????????

yes, I can confirm your thoughts and feelings. It does not make 
sense cracking a single message with thousands of maschines 
and even taking more than a year get it. Information which are older 
than some weeks are not interesting any more!
Ok, getting the news in several hours or even days (sometime 
weeks) would make sense, but even a month is much too long.
Even with increased keyrate power that does not make sense in 
the future since it is quite easy to add another bit to your key and 
then your cracking problem is even worse.

Imagine: PGP currently uses keys with about 2048 bits. That are 32 
times more than we currently are trying to crack in several years!

I have not given up yet cracking rc5-blocks. I think the idea, using 
idle processor time for doing something useful, is good! But the 
current task is not very useful. In my eyes we have shown that RC5-
64 can not be cracked by the bruteforce-methode. You, as a 
criminal cracker, can not rely on thousands of cracking maschines 
running your tasks because an operator would look for what is 
going on if he/she sees that the CPU is running at 100% of its 

I think it is very high time to move to another task that makes more 
sense. Sciense task seem to be very useful altough not making any 
>From the current number of retirements you can see that the peak 
of interest has gone away. Other projects get interest as they seem 
to be more useful (I do not think that the SETI project is more useful 
either, because the odds getting a message from Unknown are 
even less than cracking the RC5 contest).

These are on my 2 cents, so I expect getting flames :) 

But what are your ideas about that? Is distributed.net going down 


EMail: schmoigl at rumms.uni-mannheim.de
PGP-fingerprint: 5DDB 09E4 3FF3 CD09 7559  1117 9C03 46E3 38FC 9E03

To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list