[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RSA Announces New "DES Challenge"
RSA Announces New "DES Challenge"
Tens of thousands of dollars in cash prizes offered; contest should
improve overall Internet security by illustrating relative strength
of different crypto algorithms and keysizes.
Business Editors and Computer Writers
REDWOOD CITY, Calif.-Jan 2, 1997--RSA Data Security, Inc., a wholly
owned subsidiary of Security Dynamics Technology, Inc. (NASDAQ:
SDTI), today announced an Internet-based contest with cash prizes.
The contest, known as the "RSA DES Challenge", challenges
mathematicians, hackers and computer experts around the world to
decipher encrypted messages. The goal of the contest is to quantify
the security offered by the government endorsed DES encryption
standard and other secret-key ciphers at various key sizes.
The challenge proper will be launched during the RSA Data Security
Conference to be held in San Francisco, January 28-31, with the
target ciphertexts for the different contests being simultaneously
posted on the company web-site, at http://www.rsa.com/
RSA Data Security pioneered the Internet-based "cracking" contest,
when it launched the original "RSA Factoring Challenge" back in 1991.
Since then, the company has paid out over $100,000 in prize money to
mathematicians and hackers around the world, and the data gained from
that Challenge (which is ongoing) has greatly increased
mathematicians' understanding of the strength of encryption
techniques based on the "factoring problem", such as the RSA Public
Key Cryptosystem T.
Background
It's widely agreed that 56-bit keys, such as those offered by the
government's DES standard, offer marginal protection against the
committed adversary. By inertia as much as anything else, DES is
still used for many applications, and the 20-year-old algorithm is
proposed to be exportable under the latest incarnation of Clipper. It
is the perfect time to demonstrate to the world that better systems
are both required - and available - thus improving the world's
security.
There have been theoretical studies done showing that a specialized
computer "DES cracker" could be built for a modest sum, which could
crack keys in mere hours by exhaustive search. However, no one is
known to have built such a machine in the private sector - and nobody
knows if one has been built in any government, either.
The successes of the RSA Factoring Challenge show that for some types
of problems, it's possible to recruit spare "cycles" on a large
number of machines distributed around the Internet. Therefore, by
offering a suitable incentive, it should be possible to recruit
sufficient CPU power across the Internet to exhaustively search the
DES keyspace in a matter of weeks.
Computer scientists have already developed software that will allow
even the novice computer user to participate in the cracking effort.
By incorporating the key search software in a "screen saver", a
simple PC anywhere on the Internet can devote its spare time to
working on the problem - remotely and completely unattended. Even
people with limited computer skills will be able to participate. In
the RSA DES Challenge, the motto will definitely be "The More, The
Merrier".
The Contest
Full details of the RSA DES Challenge will be posted on the RSA home
page (http://www.rsa.com/) during the first weeks of January.
Complete rules for the competition will be provided as well as
example challenges and solutions against which computer scientists
and hackers can test their software.
In conjunction with the RSA DES Challenge, RSA will simultaneously
launch a series of other contests based around the RC5 Symmetric
Block Cipher (another encryption algorithm). Since RC5 is a variable
key length block cipher, targets that offer increasing resistance
against so-called "exhaustive search attacks" will be posted in the
hope of assessing the full impact of a widely-distributed exhaustive
search. There will be 12 challenges based on the use of RC5. Prizes
will be awarded for the recovery of each of 12 keys which are chosen
to be of lengths varying from 40 bits all the way up to 128 bits,
with the length increasing in steps of eight bits.
The email sender of the first correctly formatted submissions to each
contest will receive a cash prize. For the RSA DES Challenge the
first sender of the secret DES key will receive $10,000. For the
other contests the prize money awarded will vary with the difficulty
of the RC5 key attacked.
For more information about the ongoing RSA Factoring Challenge send
email to [email protected] and for the latest news and
developments send email to [email protected].
About RSA Data Security, Inc.
RSA Data Security, Inc., a wholly owned subsidiary of Security
Dynamics Technologies, Inc., is the world's brand name for
cryptography, with more than 75 million copies of RSA encryption and
authentication technologies installed and in use worldwide. RSA
technologies are part of existing and proposed standards for the
Internet and World Wide Web, IT4, ISO, ANSI, IEEE, and business,
financial and electronic commerce networks around the globe. The
company develops and markets platform-independent developer's kits
and end-user products, and provides comprehensive cryptographic
consulting services. For more information on any of RSA's encryption
technologies, please call RSA directly at 415/595-8782 or send
electronic mail to [email protected]. RSA also provides information on
its Web site at http://www.rsa.com.
****************************************************************
Kurt R. Stammberger
Director, Technology Marketing
RSA Data Security, Inc. (A Security Dynamics Company)
415-595-8782 vox 415-595-1873 fax
[email protected] www.rsa.com