[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DES challenge news (fwd)
Distributed key cracking efforts have been discussed in detail on
cypherpunks and coderpunks for quite some time. A Swedish group
trying to solve RSADSI's DES challenge chose to ignore the results.
Here is what they got (from RISKS 19.14):
>Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
>From: Thomas Koenig <[email protected]>
>Subject: DES challenge news
You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key. The reason
given was client integrity.
Well, a month after this, the promised source code release has not happened.
Instead, it appears that somebody disassembled part of the client, made a
version that reported fake "done" blocks, and then sent these to the
servers.
Moral? Don't ever think that nobody can read compiled code. Don't try to
run a cooperative effort like this in a closed development model.
Thomas Koenig, [email protected], [email protected].
------------------------------