13 February 1997


Loosely organized international group checks a record 162082778549251 keys in 13 days to find correct solution

ZURICH: More than 5000 computers connected via the Internet have broken the most difficult cryptographic challenge ever solved, in just over thirteen days. The challenge was one of a series of cryptographic challenges recently offered by RSA Data Security, Inc., a U.S. firm which produces cryptographic software.

The Internet group's successful attempt on the challenge, which is the second record-breaking cryptographic challenge solution within the last two weeks, demonstrates in a dramatic fashion that many encryption systems -- such as those commonly used on the Internet, in electronic commerce, and in so-called "Smart Cards" -- can be broken with relative ease using modern computing techniques.

The challenge was solved by a loosely organized group of individuals from around the world who banded together to create a project known as the "Distributed Internet Crack." The group was created by Germano Caronni, a member of the Swiss Federal Institute of Technology in Zuerich, and quickly grew to include hundreds of people, from commercial as well as academic sites, who worked at a furious pace to write and optimize the necessary software and then run it on thousands of computers simultaneously. The group never met in person but communicated via email. Continuously updated pages on the World Wide Web, available in four different languages, provided the latest information and progress reports.

The Distributed Internet Crack first attacked the easiest of RSA's challenges. The group solved this challenge in 3 1/2 hours, only minutes after another group submitted the correct answer. After coming so close to winning the first challenge, the group decided to take on the second one, hundreds of times as difficult. The challenge required that up to 281474976710656 different keys be checked.

By putting the power of thousands of powerful and not-so-powerful computers together via the internet, the second challenge was solved on Monday, February 10th, a little over thirteen days after it was issued.

The successful completion of the challenge broke new ground in several ways: Besides cracking the hardest key ever, the event also brought together the most computers ever working on a single Internet project (over 5500 computers were operating simultaneously at one point, and over 10,000 computers joined in the project at one time or another), and produced the most cryptographic keys ever checked per second in an openly publicized effort (over 440 million keys per second at peak, and an average of 140 million keys per second over the entire project).

The group is now planning to attempt another challenge issued by RSA, this time aimed at the DES cipher, which has been used in American and other financial institutions for many years.

References: RSA Data Security Secret-Key Challenges: http://www.rsa.com/rsalabs/97challenge/
Team Web Page: http://www.klammeraffe.org/challenge/
Software: ftp://ftp.tik.ee.ethz.ch/pub/projects/dic/
IRC: #challenge
Preliminary Web page for DES challenge: http://fh28.fa.umist.ac.uk/~des/

Note: Both long numbers in this document have exactly 15 digits.

Local contact: Melanie Dymond Harper, mel@herald.co.uk, 0181 288 8852