[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DES & RC4-48 Challenges



At 11:52 PM 8/21/95, Timothy C. May wrote:

>Call it a factor of "only" 6000 times harder than the SSL challenge. Hard
>to imagine this happening in the next two years.
>
>Maybe if much of the Net community was energized to run DES crackers
>instead of Flying Toasters, but a hard effort to organize...for fleeting
>reward.

        Given the rate at which news of the prior cracks seems to have
spread among people quite new to these questions, I think you'd be
surprised: I've heard mention of it from no less than ten people who, to my
knowledge, had never before taken any interest whatsoever in crypto
questions. Granted, ten people a-laboring away on Pentiums and PPCs ain't
much--but, who knows?, my experience might just scale quite well.
        Yes, I know: Life is short and art is long. Still, I think it's
worth a try: failure seems likely and success remote, but how much sweeter
victory if the project were to succeed.
        The key, I think, would lie in making participation in the project
extremely accessible: developing simple platform-specific apps that'd make
sweeping space nearly idiot-proof. If joe.anne.net could DL an app
appropriate to hir platform then fill out field in a web page that would
delegate keyspace according to the question "I can let my [platform] run
for [n] hours," and easily report back the results, the response might be
quite strong. How long it would take to succeed, _if_ it did, is anyone's
guess: it could be a day or a decade.
        Obviously, the preparation would be a labor-intensive; the
trade-off, a good one imho, is that this labor having been performed, the
reservoir of potential contributors would expand manifold. If we could
increase the reservoir by a factor of 1000, which isn't at all unlikely,
that advance would be nothing to sneeze at.
        Cracking something that for now seems beyond reach would up the
ante in a pretty big way, and would put that much more pressure on
policymakers to jack that bit-limit up. And that's exactly what we want.

Ted