


Copyright (C) 1995 
Tim Philp 
Brantford, Ontario 
Article appeared in The Expositor, Brantford, Ont., Canada 
Sept 9th, 1995 
		      Tim Philp 
	A couple of weeks ago an extraordinary event took 
place that has implications for all users of the Internet. A 
group on the Internet, who call themselves CYPHERpunks, 
ran a test of a code system that was considered uncrackable in 
any reasonable amount of time. This in itself was not the 
extraordinary event. This code was broken by the cypherpunks 
in only 31.5 HOURS! That's right, hours. This code, called 
SSL, used a 40-bit encipherment key with 1,099,511,627,776 
possible combinations. 
	To give you an example of just how incredible this 
feat was, let's examine the security of this code. If you were to 
try 1 key per second it would take you just over 34,841 years to 
try them all. That is almost five times longer than all of 
recorded history. 
	How was this done and what does this mean to users 
of the Internet? The how part is simple to explain; the meaning 
will be more difficult to divine. 
	The security of a code must rely only upon the key 
used to encipher the plaintext. It is assumed that the method of 
encryption is well known, as indeed it would be if it were used 
in a commercial product. Someone would disassemble the code 
and figure out the method. It is for this reason that security 
cannot reside in a secret means of encipherment. SSL is one 
such code. 
	This group, the Cypherpunks, wrote a program that 
would try keys in sequence and then they distributed it to the 
Internet community. They then set up a central computer that 
people all over the world could call into and get assigned a 
group of keys to try. These people would then feed these keys 
into the code cracking program and report the results to the 
central computer.  
	With hundreds of users taking part, using computers 
that were sitting idle at nights running screen savers, they 
cracked the code in 31.5 hours. 
	One of the greatest arguments against people trying 
this kind of brute-force attack on codes is that the computer 
time and power required would cost the earth. In actual fact, 
this successful attack cost nothing at all, as the computers used 
were sitting idle. 
	Everything from little 286 PCs to mini-computer 
workstations was pressed into service, labouring long over the 
weekend, tirelessly trying one possible key after another until 
they cracked the code. 
	Because this was an academic exercise, there was no 
harm done. The purpose was to prove how quickly a 40-bit 
code could be cracked. I confess to being astounded at just how 
fast this was accomplished. 
	This points out two remarkable possibilities for the 
new communications technology that we are only now 
beginning to use. If that code were protecting sensitive 
information, such as a bank funds transfer, this group could be 
very rich. 
	It does also point out a new way of using the Internet 
to solve problems that have long eluded solution because of the 
sheer computational size of the problem.  
	If the problem were to be divided up into small 
chunks and given to hundreds of computers worldwide, a 
solution may become possible. We are just beginning to 
understand the possibilities. 
This file may not be reproduced by any means without the 
permission of the author 



For PGP Public Key, Send E-mail to:
[email protected]
In Subject line type:
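
An added example, not part of the original article or of the cypherpunks' software: a scheduling model of the central computer handing key ranges to idle machines of different speeds, plus the aggregate search rate implied by the article's figures and what that rate means for longer keys. The worker speeds and chunk size are constructed, and treating 31.5 hours as the time to cover all 2^40 keys is an assumption.

```python
import heapq

KEY_BITS = 40          # key length stated in the article
REPORTED_HOURS = 31.5  # search time stated in the article

def simulate_sweep(total_keys, chunk_keys, worker_rates):
    """Central server hands the next unassigned chunk of keys to whichever
    worker reports back first. No keys are actually tested; only the
    schedule is modelled. Returns (seconds to cover every key, chunks
    completed per worker)."""
    free_at = [(0.0, i) for i in range(len(worker_rates))]  # (time idle, id)
    heapq.heapify(free_at)
    done = [0] * len(worker_rates)
    next_key, finish = 0, 0.0
    while next_key < total_keys:
        now, i = heapq.heappop(free_at)          # earliest idle worker
        size = min(chunk_keys, total_keys - next_key)
        next_key += size
        t_done = now + size / worker_rates[i]    # rate is keys per second
        done[i] += 1
        finish = max(finish, t_done)
        heapq.heappush(free_at, (t_done, i))
    return finish, done

def implied_rate(bits=KEY_BITS, hours=REPORTED_HOURS):
    """Aggregate keys/second needed to cover 2**bits keys in `hours`
    (assumption: the reported time is treated as a full sweep)."""
    return 2 ** bits / (hours * 3600)

def years_to_sweep(bits, rate):
    """Years to cover a 2**bits keyspace at `rate` keys/second."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed pool: one slow PC and two faster machines, 2**20 keys.
    secs, done = simulate_sweep(2 ** 20, 2 ** 12, [100.0, 400.0, 500.0])
    print(f"swept in {secs:.2f}s, chunks per worker: {done}")
    rate = implied_rate()
    print(f"implied aggregate rate: {rate:,.0f} keys/s")
    for bits in (40, 56, 64, 128):
        print(f"{bits:>3}-bit key: {years_to_sweep(bits, rate):.3g} years")
```

The constructed pool finishes slightly later than the ideal total/aggregate-rate figure because the slowest machine is still working on its last chunk; each extra key bit doubles the sweep time at a fixed aggregate rate.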