Cracking DES code all in a day's work for security experts
SAN JOSE, Calif. (IDG) -- Cracking the 56-bit DES encryption algorithm no longer takes a number of years to achieve; it can now be done in one day, as was demonstrated by a hacking group participating in RSA Data Security's yearly DES Challenge contest.
The DES Challenge III, started here at the RSA Data Security Conference on Monday, was over in 22 hours and 15 minutes, according to Jim Bidzos, president and CEO of RSA.
"The trend is very clear: 56 bits really isn't going to be providing you a lot of security," Bidzos said.
"If you are protecting tomorrow's headline I think you're okay at least until the next conference. But if you're protecting something else I think you're going to need something stronger," Bidzos added.
A message, encrypted using the 56-bit DES algorithm was released, with a purse of $1,000 available to whoever could break it in the least amount of time.
The algorithm was cracked in record time by the Electronic Frontier Foundation using "Deep Crack," a specially designed supercomputer, and Distributed.Net, a worldwide coalition of computer enthusiasts. The previous record for the amount of time taken to break the code was 56 hours.
Response from industry observers was mostly in agreement: 56-bit DES is no longer secure.
"It indicates the perils that we face if we don't get our acts together on the Internet," said Mark Greene, vice president of security at IBM, in Armonk, N.Y.
The breaking of the code should also send a message to government officials who claim that 56-bit encryption using DES is secure for communications, according to analysts.
"It's more evidence that the U.S. government claim about being unable to break 56-bit DES is nonsense," said Jim Balderston, an industry analyst at Zona Research, in Redwood City, Calif. "They can crack it and they can apply a lot more computer power than a cobbled together machine."
Matthew Nelson is a senior writer for InfoWorld.
Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.