[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DES challenge news (fwd)

To: [email protected]
Subject: DES challenge news (fwd)
From: [email protected] (Ulf M�ller)
Date: Thu, 15 May 1997 00:07:46 +0200 (GMT+0200)
Sender: [email protected]

Distributed key cracking efforts have been discussed in detail on
cypherpunks and coderpunks for quite some time.  A Swedish group
trying to solve RSADSI's DES challenge chose to ignore the results.
Here is what they got (from RISKS 19.14):

>Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
>From: Thomas Koenig <[email protected]>
>Subject: DES challenge news

You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key.  The reason
given was client integrity.

Well, a month after this, the promised source code release has not happened.
Instead, it appears that somebody disassembled part of the client, made a
version that reported fake "done" blocks, and then sent these to the
servers.

Moral?  Don't ever think that nobody can read compiled code.  Don't try to
run a cooperative effort like this in a closed development model.

Thomas Koenig, [email protected], [email protected].

------------------------------

Prev by Date: Re: Information request
Next by Date: Re: Spam IS Free Speech
Prev by thread: DoJ on Bombmaking Info
Next by thread: microstock market
Index(es):
- Date
- Thread