advertising information
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




Cracking DES code all in a day's work for security experts

January 21, 1999
Web posted at: 3:55 p.m. EST (2055 GMT)

by Matthew Nelson

Congress considers easing cryptography rules
Message Board:

Do you think all encryption code should be tested by hackers?

Yes No
View Results

SAN JOSE, Calif. (IDG) -- Cracking the 56-bit DES encryption algorithm no longer takes a number of years to achieve; it can now be done in one day, as was demonstrated by a hacking group participating in RSA Data Security's yearly DES Challenge contest.

The DES Challenge III, started here at the RSA Data Security Conference on Monday, was over in 22 hours and 15 minutes, according to Jim Bidzos, president and CEO of RSA.

"The trend is very clear: 56 bits really isn't going to be providing you a lot of security," Bidzos said.

"If you are protecting tomorrow's headline I think you're okay at least until the next conference. But if you're protecting something else I think you're going to need something stronger," Bidzos added.

A message, encrypted using the 56-bit DES algorithm was released, with a purse of $1,000 available to whoever could break it in the least amount of time.

  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at's personal news page
  Subscribe to's free daily newsletter for IT leaders
  Questions about computers? Let's editors help you
  Search in 12 languages

The algorithm was cracked in record time by the Electronic Frontier Foundation using "Deep Crack," a specially designed supercomputer, and Distributed.Net, a worldwide coalition of computer enthusiasts. The previous record for the amount of time taken to break the code was 56 hours.

Response from industry observers was mostly in agreement: 56-bit DES is no longer secure.

"It indicates the perils that we face if we don't get our acts together on the Internet," said Mark Greene, vice president of security at IBM, in Armonk, N.Y.

The breaking of the code should also send a message to government officials who claim that 56-bit encryption using DES is secure for communications, according to analysts.

"It's more evidence that the U.S. government claim about being unable to break 56-bit DES is nonsense," said Jim Balderston, an industry analyst at Zona Research, in Redwood City, Calif. "They can crack it and they can apply a lot more computer power than a cobbled together machine."

Matthew Nelson is a senior writer for InfoWorld.

Related stories:
Latest Headlines

Today on CNN

Related stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

Enter keyword(s)   go    help


Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.