Wired News
Friday, July 17, 1998
8:10am PDT

Fed Encryption Standard Exposed

A leading Internet civil rights organization says it has exploded the debate on US encryption policy by demonstrating a dramatically faster way to crack the Digital Encryption Standard (DES), the federally promulgated software algorithm. Moreover, it did so with relatively inexpensive technology.

The Electronic Frontier Foundation said in a statement today that its "EFF DES Cracker", built for under US$250,000, had cracked an encoded message in fewer than three days. The old record, established using a huge network of computers, was 39 days.

"EFF has proved what has been argued by scientists for 20 years, that DES can be cracked quickly and inexpensively", said John Gilmore, the organization's co-founder and leader of the encryption project. "Now that the public knows, it will not be fooled into buying products that promise real privacy but only deliver DES. This will prevent manufacturers from buckling under to government pressure to 'dumb down' their products, since such products will no longer sell."

"EFF's machine is not cutting-edge engineering", said Bruce Schneier, president of Counterpane Systems, in an email.

"It is not state-of-the-art cryptography. It is not bleeding-edge technology. The machine uses old, boring chip technologies, simple hardware design, not-very-interesting software, and no cryptography. This is not a marvel of engineering. The only interesting thing is how straightforward the design really is."

Schneier said the EFF machine is significant in that it does what the government has denied is possible.

At a gathering of cryptography experts last month, Robert Litt, principal associate deputy attorney general at the Department of Justice, denied that it was possible even for the FBI to crack DES.

"[It is a myth that] we have supercomputers that can crack anything that is out there", Litt said.

Short of a supercomputer, Schneier said the EFF machine "uses old, boring chip technologies, simple hardware design, not-very-interesting software, and no cryptography. This is not a marvel of engineering; the only interesting thing is how straightforward the design really is", he said.

The government established the 56-bit DES as a standard in 1977, and has claimed that the vast difficulty and expense in cracking DES makes it sufficiently safe, and that stronger encryption was not only unnecessary but dangerous, since it could be used by terrorists and other criminals. Thus, it has not allowed the export of 128-bit encryption without "key recovery", a means by which a third party -- meaning, law enforcement -- can recover the information.

The federal policy has long outraged privacy advocates and the US computer industry, which is eager to sell its wares overseas. They also argue that export controls have put the brakes on domestic encryption development.

The San Francisco-based EFF said it used the DES Cracker in an RSA Data Security contest that began Monday at 9 am PST, and by late Wednesday afternoon had cracked a message that read, "It's time for those 128-, 192-, and 256-bit keys." RSA Data Security had put up $10,000 for the first team to crack the message.

"The EFF is a civil liberties group, and this was just a demonstration project", said Schneier. "There are undoubtedly many technical improvements that can be made to the EFF design to make brute-force search cheaper and faster. But the fact that a civil liberties group can use old technology to build something that the administration has denied can be built ... that's the real news."

EFF said the full results of its DES crack are documented in a book published this week by the group and O'Reilly and Associates, entitled Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design.

Copyright © 1998 by Wired Ventures Inc. All Rights Reserved. Reprinted with permission.