c|net News
Friday, July 17, 1998
7:30 a.m. PT

Group cracks crypto standard

by Randy Weston

The current 56-bit Data Encryption Standard (DES) is not as secure as believed, the Electronic Frontier Foundation (EFF) revealed today in an attempt to raise the ante in the political standoff with U.S. government officials trying to limit the strength of encryption approved for export.

"The news is not that a DES cracker can be built, we've known that for years", said Bruce Schneier, president of Counterpane Systems and advocate of easing government crypto export restrictions. "The news is that it can be built cheaply using off-the-shelf technology and minimal engineering, even though the Department of Justice and the FBI have been denying that this was possible."

The EFF built a machine for $220,000 that took three days to crack the DES code. The previous record was 39 days, according to the EFF. EFF executives said that now that the research is done, a duplicate machine can be built for as little as $50,000. The EFF machine was the winning entry in RSA Laboratories' DES Challenge II. The contest is held to demonstrate, mainly to government officials, that 56-bit DES encryption technology can be broken.

The code creates a key to decipher information. Key recovery is at the center of a long-standing debate about the U.S. crypto export policy. Privacy advocates and the industry alike oppose mandatory key-recovery features in export products because they say the systems present the possibility that law enforcement or unauthorized parties could gain access to scrambled data without due process or permission.

On the flip side, law enforcement has held its ground that unfettered export of encryption will lead to terrorists and criminals using the technology to cover their tracks. But proponents of free encryption, without mandated spare keys, contend that strong encryption already is available around the world.

EFF executives said the machine was designed to counter the claim made by U.S. government officials that decryption is impossible, or that it would take multimillion-dollar networks of computers months to decrypt one message.

"This will prevent manufacturers from buckling under government pressure to dumb down their products since such products will no longer sell", said Barry Steinhardt, EFF executive director. "If a small nonprofit can crack DES, your competitors can too. Five years from now some teenager may well build a DES cracker as her high school science fair project."

The machine works much like an Internet search engine such as Yahoo or Excite. It combs the encryption for the right combination of 56 1s and 0s. Once the combination is assembled, a message can be read. In the case of the RSA contest, the winner of which received $10,000, the message was "It's time for those 128-, 192-, and 256-bit keys."

"Producing a workable policy for encryption has proven a very hard political challenge", said John Gilmore, EFF cofounder and project leader, in a prepared statement. "When the government won't reveal relevant facts, the private sector must independently conduct the research and publish the results so that we can all see the social tradeoffs involved in policy choices."

Copyright © 1998 by CNET, Inc. All Rights Reserved. Reprinted with permission.