The Data Encryption Standard (DES) was released in 1975. It had its origins
in Lucifer, an IBM encryption system designed for commercial users. Instead of improving on Lucifer,
DES was made weaker. The key size was restricted to 56 bits (Lucifer used a 128-bit key) and the workings of
the substitution registers (S-boxes) were changed and the details classified.

At the time of its release professionals in the crypto field expressed serious concern about the motives of
the National Security Agency (NSA). In spite of their estimates that a machine could be constructed to crack
DES, official statements assured users that DES was indeed very strong. In 1997 a U.S. House of
Representatives Committee heard classified testimony from the FBI and NSA to the effect that cracking DES was
just so difficult that suggestions of official eavesdropping were ludicrous.

In 1997 the Electronic Frontier Foundation (EFF) began an investigation into DES Cracking. A budget in the
order of US$210,000 was estimated ($80,000 for labour and $130,000 for material). The project took about
eighteen months (including preliminary research) to complete. The DES Cracker worked.

A full description of how it was done has been compiled by EFF and published by O'Reilly. Because books are
sacrosanct in the eyes of the U.S. Constitution, publication in this form was the only way to release the
information into the community at large. The text is a bit warts-and-all; O'Reilly's books are a benchmark
for typographic excellence and quality control, but they had to take the text as-is and readers will spot a
few, albeit inconsequential, typos. The bulk of the book is devoted to code listings (designed to be scanned)
and technical specifications; that is an error-free zone.

Even if the code is beyond your comprehension, and the schematic diagrams are all Greek to you, the text
makes fascinating reading.

The significance of the EFF DES-Cracker project is that all the communications encrypted using DES are
vulnerable, and always were vulnerable. For some commercial users that is a worry.

The book is unusual in that, apart from some of the text, there is no copyright. Indeed, the cover carries a
banner: Scan this book!
EFF: Cracking DES
ISBN 1-56592-520-3
Published by O'Reilly,
262 pp.
RRP $69.95

Reprinted from the June 2000 issue of PC Update, the magazine of Melbourne PC User Group, Australia