Internet groups prove US export restrictions deny security to millions

LONDON, 5/2/97 -- Tonight's showing of the BBC drama "Breaking the Code" is sure to revitalise interest in the work which took place at Bletchley Park during World War II. Today, however, there's another huge cipher-cracking operation in progress -- this time performed by an international group using over 2000 machines all around the world.

Germano Caronni, a researcher based in Zurich, has gathered together hundreds of volunteers to attempt the second of the RSA Data Security Secret-Key Challenges. His group were pipped to the post in the first of the Challenges by a US-based group, but since then they have expanded considerably; their software has also been rewritten and tuned for best performance.

The Challenges have been established by RSA Data Security as an experiment to test the security of various ciphers endorsed by the US Government. The Challenge which involved a 40-bit key -- the maximum size generally allowed for cryptography software exported from the US -- was broken in just a few hours, using computer power available to any knowledgable university student. (Large corporations and governments have such power easily at hand; the US government restrictions are designed to allow the government itself to break keys if necessary.) The 48-bit Challenge, 256 times as difficult, is expected to take a few weeks, even though Caronni's team are currently testing over 100 million keys every second.

Perhaps the most remarkable aspect of the team's efforts is that all of the key-testing is taking place in the computers' idle time; time that would otherwise be wasted. Several thousand computers are currently donating their spare processing power to Caronni's project, and more are joining all the time.

Caronni hopes that the team's effort will show how vulnerable today's short-keyed ciphers are against determined adversaries: "We are confident of reaching our goal and breaking this 48 bit key with essentially zero cost in reasonable time."


RSA Data Security Secret-Key Challenges: http://www.rsa.com/rsalabs/97challenge/
Team Web Page: http://www.klammeraffe.org/challenge/
Software: ftp://ftp.tik.ee.ethz.ch/pub/projects/dic/
Mailing list: challenge@list.ee.ethz.ch
IRC: #challenge

Coordinator: Germano Caronni, caronni@tik.ee.ethz.ch UK Contact: Melanie Dymond Harper, mel@herald.co.uk, 0181 288 8852