Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

RC5-64 Success

michael posted about 12 years ago | from the only-a-matter-of-time dept.

Encryption 410

Peter Trei writes "After over four years of effort, hundreds of thousands of participants, and millions of cpu-hours of work, Distributed.net has brute forced the key to RSA Security's 64 bit encryption challenge, winning a US$10,000 prize. Still outstanding Challenges carry prizes as high as $200,000. RSA's PR release is here. d.net's site has not yet been updated." Update: 09/26 16:59 GMT by CN : The good folks over at SlashNET are having a forum with the distributed.net crew on Saturday at 21:00 UTC. It'll be a great time to meet some of the people who made this possible.

cancel ×

410 comments

Sorry! There are no comments related to the filter you selected.

First post (-1)

RestonVA (593792) | about 12 years ago | (#4336717)

is good to poop on

Re:First post (-1)

Fecal Troll Matter (445929) | about 12 years ago | (#4336783)

You Sir, are good to poop on.

The last time my karma wasn't terrible was April Fool's Day.

d.net's site update (5, Informative)

ChronoZ (561096) | about 12 years ago | (#4336720)

Re:d.net's site update (1, Informative)

Anonymous Coward | about 12 years ago | (#4336823)

There is a forum scheduled with the d.net guys on SlashNET [slashnet.org] this Saturday.

dick (-1)

SweetAndSourJesus (555410) | about 12 years ago | (#4336723)

hey

Key (-1, Troll)

s2r (461076) | about 12 years ago | (#4336729)

*** There is no future ***

Pooped my pants (-1, Troll)

Anonymous Coward | about 12 years ago | (#4336730)

and got first post?

phrist poast (-1, Troll)

Anonymous Coward | about 12 years ago | (#4336733)

fp, bitches!

HEY YEAH!!!!

booyahh an' all dat shchiznidt!

fuck y'all

word to yo momz and popz and propz to all ded homiez!

-ac

hmmm (0)

Anonymous Coward | about 12 years ago | (#4336737)

now distributed net can get onto the task of how to get my sofa out of the stairway

Yea!!! (1, Redundant)

MarvinMouse (323641) | about 12 years ago | (#4336741)

So somehow has proven that given enough time, money and effort, RSA 64-bit encryption can be eventually broken using the amazing method of...

BRUTE FORCE.

Who woulda thought.

Re:Yea!!! (3)

Tom (822) | about 12 years ago | (#4336834)

I don't know why the parent was modded up as funny, but:

There is a difference between saying "in theory, we could do this and that" and actually doing it.

Cryptography specifically is a realm of arbitrary large numbers, theoretical math way, way beyond what 99% of people ever learn in both school and university, and lots of guesswork, estimates, approximations, you name it.

I don't think anyone is really surprised by the outcome, but nevertheless, the only real proof that something can be done is and always will be to actually do it.

Re:Yea!!! (0)

Anonymous Coward | about 12 years ago | (#4336901)

No, the OP was right. This ceased to be news years ago. This is just stupid now. We're not proving anything. Yes, we can brute force a known-plaintext attack against just about any block cipher. The "advanced mystical math" doesn't enter into the equation -- it's all irrelevant. For the love of all that is good and pure -- stop wasting your friggin cycles on this shite and do something productive.

Re:Yea!!! (2)

eddy (18759) | about 12 years ago | (#4336922)

I'm with the OP on this. Once in a time there was a purpose with cracking DES; proving it wasn't as hard (secure) the government wanted people to believe. However, that was a long time ago now.

C'mon, estimating the time of a brute-force attack is almost trivial. Once you can time how long it takes to attack some percentage of the keyspace, interpolation to mid- and worst-case is simple.

There's a lot of other distributed problems to spend time on, problems where the solution actually is worth something.

Re:Yea!!! (2)

defile (1059) | about 12 years ago | (#4336960)

I remember when this first started out they believed it would take about 1000 years to crack.

There's a lot of interesting information that comes from this aside from the actual problem being attacked.

Re:Yea!!! (0)

Anonymous Coward | about 12 years ago | (#4336974)

Ok, like what? If we have some monumental time-worthy effort to build a distributed system for, what is that?

People are starting to realize that just because you can build a big super computer, doesn't mean you have any use for it. The best uses for super computing and large distributed networks *is* cryptography work.

Re:Yea!!! (2, Insightful)

Blkdeath (530393) | about 12 years ago | (#4336885)

Of course, ASCI White (or, even better, Japan's new super computer) could probably crack RC5-64 in a matter of hours.

That's what has to be considered in all of this.

Re:Yea!!! (2)

unicron (20286) | about 12 years ago | (#4336914)

How many computers were working on rc5-64 for how many years? White isn't that many factors faster.

All bets are off though once we get quantum machines up and running...provided we can get around the whole heisenberg principle.

Re:Yea!!! (1)

wunderhorn1 (114559) | about 12 years ago | (#4336961)

On the other hand, most sensitive information tends to stay sensitive for long periods of time. The success of the bovine project proves that if you need data to be secure for the long run, choose something stronger than 64-bit encryption.

Hope you don't live in the US (2)

Nailer (69468) | about 12 years ago | (#4336967)

As you've just dispensed information which used be used to circumvent a digital media protection device.

No more RC5 in OpenBSD (3, Funny)

chrysalis (50680) | about 12 years ago | (#4336742)

Funny. The RC5 algorithm has just been removed from OpenBSD because of copyrights.


Heh (3, Insightful)

GigsVT (208848) | about 12 years ago | (#4336745)

While it's debatable that the duration of this project does much to devalue the security of a 64-bit RC5 key by much, we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time.

Heh, it took a world-wide effort of thousands of computers over 1700 days. I don't think there is any debate at all; they proved the opposite of what they set out to prove. :)

Re:Heh ?? (3, Informative)

veddermatic (143964) | about 12 years ago | (#4336812)

I'd say not.. in several years time, the average laptop / home PC will be able to crank out the work that the distributed project did in a week or so... meaning in a few years, an individual will be able to decrypt RC5-64 data in a realistic timeframe for (mis)use.

That's the point.... is RC5-64 (effectively) safe today? It sure the heck is.. this project proved that! Will it be safe in 5 years? Heck no, and that was the point.

Re:Heh (1)

Ionized (170001) | about 12 years ago | (#4336848)

Heh, it took a world-wide effort of thousands of computers over 1700 days. I don't think there is any debate at all; they proved the opposite of what they set out to prove. :)

no, they're completely correct. re-read their statement (emphasis mine):

we can say with confidence that RC5-64 is not an appropriate algorithm to use for data that will still be sensitive in more than several years' time.

if you are interested in decrypting a competitor's proprietary information, you don't need to do it in weeks or even months. several years may still be very worth the wait - in which case, RC5-64 would not be appropriate for that data, just as they said.

Re:Heh (1)

Assembler (151753) | about 12 years ago | (#4336883)

Think about it though.. imagine if that key had been encrypting actual government secrets. Any country with a government capable of buying enough computing power would now have all those secrets. Keep in mind that the US government has secrets dating back in time from way before the Kennedy assassination. 4 years is way too short for secrets like that.

Re:Heh (0)

Anonymous Coward | about 12 years ago | (#4336978)

Keep in mind that the US government has secrets dating back in time from way before the Kennedy assassination.
Well, yeah - the plans for the Kennedy assassination, for one thing.

Re:Heh (0)

Anonymous Coward | about 12 years ago | (#4336939)

Well just because the key happened to be near the bottom of the pile, it seems like a secure algorithm (It took 1700 days).

If the key had been in the first block, could we correctly say "this algortihm is so weak, even a pentium 100 can crack it in an hour!"?

No, we would have pointed to the statistical abnormality and said "Well STATISTICALLY SPEAKING it should have been this strong"....

Therefore these distributed.net projects really don't prove or disprove anything.

Re:Heh (5, Informative)

Papineau (527159) | about 12 years ago | (#4336975)

Not really. If you consider that over 5 years, the average keyrate is 105.5 GKeys/sec, and the latest day averages were somewhere around 180 GKeys/sec, it means the same thing could have been finished in almost half the time, if it was started now with today's computers. Moore's law being what it is, if it really was started again now, it would take around half that time again, because more powerful CPUs are to be unveiled in that timeframe.

By their own estimates, it would take ~46000 Athlon XP 2GHz (now, where are you to find those right now?) to have 270 GKeys/sec (their peak rate in 5 years), which gives completing the keyspace in 790 days. Who would buy that much CPUs? Good question. With 2 dual MP motherboards in 1U (too lazy to find a link, I know somebody offers something like that), it would only take about 300 40U racks. Would you bet future national security on it? I don't think I would (and I'm not even american).

What it really shows is that brute-force can succeed, given enough time. But of course the more effective way to attack an encrytion algorithm is on the algorithmic side, because it helps you to find not only one cleartext, but all cleartexts encrypted with that algorithm.

MS: News (0)

Anonymous Coward | about 12 years ago | (#4336756)

Windows 2000 cracks RSA 64 challenge. Steve Balmer said, "This further demonstrates the tremedous power of the Windows 2000 platform." Balmer further commented, "It also demonstrates Windows great strength when it comes to security!"

Who would have guessed?

I stopped because... (0)

Anonymous Coward | about 12 years ago | (#4336757)

I stopped participating because my machines would all run significantly hotter, and it's already hot enough in this room as it is. Maybe I'll start again come winter time and if it gets cold in here.

-- gid

Well then (2)

dalassa (204012) | about 12 years ago | (#4336758)

I suppose I can shut dnetc down for now and give my processors a rest. Congratulations to whoever got the lucky key.

Re:Well then (1)

Blkdeath (530393) | about 12 years ago | (#4336992)

Actually, that brings up a good point;

My server (AMD K62-400) has been running dnetc for approximately 2.5-3 years (coupled with four-times daily team stats update [snerk.org] ) and now.. it's not.

From a constant 1.0 load average [snerk.org] to just the load of my regular maintainance and server functionality, will the CPU itself be ok? I mean, it's going to run a lot cooler [snerk.org] until I find a new project.

I'm no expert on sillicon, but isn't there an issue when sillicon heats up, stays hot for a long period of time, then drops in temperature?

dammit (0)

Anonymous Coward | about 12 years ago | (#4336764)

Now I have to shut down all my clients. I don't have any desire to lend my spare cycles to OGR or whatever other silliness they are doing.

Good job folks (2, Troll)

chainrust (610064) | about 12 years ago | (#4336766)

Nice, except for the fact it doesn't matter. It wasn't even the real encryption code. Also, it never would have happened without distributed processing, so this isn't a real demonstration of computing power, but actually a demonstration of distributed computing power.

Re:Good job folks (0)

Anonymous Coward | about 12 years ago | (#4336842)

Hey, Rusty. I found real picture of you [fathom.org] .

Re:Good job folks (0)

Anonymous Coward | about 12 years ago | (#4336879)

Ha! I was thinking the same thing. "Waaah, it's not real computing power...because it's distributed". What a nimrod.

Re:Good job folks (0, Troll)

chainrust (610064) | about 12 years ago | (#4336908)

It isn't. If someone wanted to apply a mass amount of computing power at a problem, they couldn't do it distributedly because you rely on geeks interested in your cause. Those geeks might in short supply if you wanted a distributed application for, say, figuring out the genome for rats. Don't post comments without thinking. It can only lead to trouble.

Re:Good job folks (0)

Anonymous Coward | about 12 years ago | (#4336946)

If he's Rusty, then who's this [goatse.cx] ?

With apologies to Douglas Adams (4, Funny)

mh_tang (307188) | about 12 years ago | (#4336768)

So tell me, was the answer "42"?

Re:With apologies to Douglas Adams (5, Informative)

affenmann (195152) | about 12 years ago | (#4336822)

No, it is: "some things are better left unread". This doesn't apply to Douglas Adams, of course.

Re:With apologies to Douglas Adams (2, Informative)

KarmaBitch (562896) | about 12 years ago | (#4336827)

Almost :-D
0x63DE7DC154F4D03
You got a 4....

I'm sure 42 was tested in one of the 15,769,938,165,961,326,592 keys tried.

The unknown message is: some things are better left unread

Re:With apologies to Douglas Adams (1)

mraymer (516227) | about 12 years ago | (#4336865)

Yes it was, but that's base ten. Thus, the hex code for the key is 2A.

;)

Back to reality, it's awesome that they finally found the key. I always had this fear that they'd have to restart the project due to the winning key getting lost somewhere... imagine having to RETEST 2^64th worth of keys!

And speaking of Douglas Adams, when a dnetc client asks for RC5 work, the keyserver should reply "So long and thanks for all the fish!"

proper slashdot headline (0)

Anonymous Coward | about 12 years ago | (#4336771)

"RC5-64 Encryption Worthless, Hax0rz Now 0wn All Your Pr0n"

Uh (0)

Anonymous Coward | about 12 years ago | (#4336836)

Yeah, all those Hax0rz need is 350,000 computers, a worldwide network to link them and five years, and they can have all the porn!

test (0)

BarryReisweg (606015) | about 12 years ago | (#4336772)

123

Good work (1)

ivanandre (265129) | about 12 years ago | (#4336773)

But it only shows that the encryption algorithms are intrinsecaly secure...

Re:Good work (0)

Anonymous Coward | about 12 years ago | (#4336969)

aha.
a true geek can surely spell words like 'encryption', and 'algorithms', words that might trouble the general population.

But, when faced with a common word like 'intrinsically', our geek lapses into phoneticism.

Ten thousand? (1)

ma++i+ude (580592) | about 12 years ago | (#4336774)

Yes, this is cool, but $10,000? Am I the only one thinking that keeping "hundreds of thousands" of computers on for "over four years" is probably going to cost something? (Yes, even when many of these computers would have been running anyway.)

But who's doing it for the money anyway...

FINALLY. (5, Funny)

KFury (19522) | about 12 years ago | (#4336777)

Does this mean I can go back to alien hunting now?

as usual... (1)

Alejo (69447) | about 12 years ago | (#4336778)

Schneier predicted it! He's soooo c00l. ;)

Brute Force vs design flaw (3, Interesting)

screenbert (253482) | about 12 years ago | (#4336782)

I've always thought that if you use brute force then you aren't really finding a flaw in the design. Brute force is just that, and as keys become bigger and bigger (yes even with bigger and bigger processors) it becomes harder with this method. Especially since it won't do you much good unless you can do it in a short amount time, minutes instead of months or years.

I think those that find actual flaws in the design or math are worthy of admiration. For good reading on the history of such read the code book. It will truly broaden your understanding.

3 legged dog walks into a bar, says" who shot my paw?

Re:Brute Force vs design flaw (1)

Dartagnan (124358) | about 12 years ago | (#4336927)

True, brute force does nothing to expose flaws in the algorithm or implementation. Brute force does demonstrate how long it would take for a determine adversary who is willing to do whatever it takes to get your data.

For d.net to solve it in over 4 years using donated cycles on somewhat aging computers using a loosely coupled network on the backs of donated coding by volunteers merely illustrates that a determined {government|corporation} with a full time staff, dedicated equipment, high speed network and a big budget could brute force the same length in much less time.

Re:Brute Force vs design flaw (3, Insightful)

Junta (36770) | about 12 years ago | (#4336943)

This is true, but all this was is a huge publicity stunt from RSA's perspective. I mean, what better way to get people to think a particular method is secure for what they do. When you can say that even with 10,000 dollars of incentive, the best anyone was able to do to break a single key was brute force in four years using the computing power of many thousands of computers? And this is now considered low-grade encryption, they can point at their still unmet challenges as proof for their even better security.

You are right that the people who find fundamental flaws in cryptography approaches are more informative and helpful in the advancement of the technology, but this wasn't so much about advancing crypto technology. This was about money for the sponsor. This was about seeing just what the idle computing power of thousands computers can do for the geeks. Those seeking to advance anything with their processors are doing folding or setiathome. Not to show disrespect for distributed.net, it's cool in its own ways, but it isn't going to advance cryptography at all, just marketing and 'geek' factor.

Re:Brute Force vs design flaw (2, Insightful)

Varitek (210013) | about 12 years ago | (#4336984)

Especially since it won't do you much good unless you can do it in a short amount time, minutes instead of months or years.

It depends on what you're encrypting. If you encrypt everything, then being able to crack one message in a couple of years won't help much. If, however, you know which message you want decrypting, then it's just a matter of waiting. Some information isn't time critical.

Hmm ... I guess it wasn't me (1)

B3ryllium (571199) | about 12 years ago | (#4336785)

I would've heard something, right? :) I guess the fact that I haven't used dnetc in over a year and a half might indicate that I wasn't the one who found the key. So sad :(

WOOHOO! (1)

Leto2 (113578) | about 12 years ago | (#4336788)

Woohoo!

IRC discussion (4, Informative)

dotgod (567913) | about 12 years ago | (#4336790)

From the distributed.net announcment [distributed.net]

Also, please consider joining us on SlashNET IRC on Saturday 28-Sep-2002 @ 21:00 UTC (5:00PM EDT) for an online Q+A session on the RC5-64 project and the future plans for the distributed.net network.

hmmm (1)

XO (250276) | about 12 years ago | (#4336793)

Unfortunatly, my slew of 486 boxes did not find the winning key. Now I need to find something else for them to do with their idle CPU cycles. (I don't think OGR or SETI are really worth anything)

Any suggestions?

I suppose now I can call up my parents and tell them they can finally turn off "that damn cow program" that shows up in their taskbar. lol.

Re:hmmm (1)

alexc (37361) | about 12 years ago | (#4336816)

SETI @HOME

Thats too easy (0)

Anonymous Coward | about 12 years ago | (#4336860)

A bunch of 486's? Nothing to do? Why, just imagine a beowulf cluster of 486's!

You could load up blender and make a movie...

curing cancer (0)

Anonymous Coward | about 12 years ago | (#4336894)


I don't remember the specifics, but there was a similar distributed client idea that used its processor power to solves cures for cancer some how.

Re:hmmm (4, Insightful)

alyandon (163926) | about 12 years ago | (#4336925)

Don't waste your idle cpu power looking for ET -even if you find an ET signal the results immediately applicable.

Help out cancer research right now with these projects:

Folding@Home [stanford.edu] and United Devices [purdue.edu] .

Re:hmmm (1)

virtig01 (414328) | about 12 years ago | (#4337004)

distributed.net is still working on OGR... no cash reward, but it's something for your idle CPU to do.

Are they going to share the prize? (1)

Oliver Wendell Jones (158103) | about 12 years ago | (#4336795)

Let's see, 321,000+ participants dividing a check of $10,000, that breaks down to $0.03 per participant... pretty sad when the postage to send your check is more than the check is for.... reminds of the time a creditor sent me a dun for $0.12, it cost them more in postage (including the pre-paid return mailer) then it gained them...

Re:Are they going to share the prize? (0)

Anonymous Coward | about 12 years ago | (#4336935)


The prize money breaks down as such:

$8000 to d.net for setting up the network and client

$2000 to the individual winner or $1000 to the individual and $1000 to the rest of his team, if he was a member of a team.

Re:Are they going to share the prize? (5, Informative)

miltimj (605927) | about 12 years ago | (#4336958)

Hmmm... as it says here [distributed.net] :

RSA Labs is offering a US$10,000 prize to the group that wins this contest. The distribution of the cash will be as follows:

$1000 to the winner
$1000 to the winner's team - this would go to the winner if he wasn't affiliated with a team
$6000 to a non-profit organization, decided by vote
$2000 to distributed.net for building the network and supplying the code

The vote will be decided on through an extension of the statistics engine, with one vote per block per person.


And to think.. it took a few seconds to find that, and a couple minutes to type your post..

SETI (1, Redundant)

southpolesammy (150094) | about 12 years ago | (#4336797)

Since that the RC5-64 algorithm has finally been brute forced, perhaps we can put those now idle computers to work looking for ET [berkeley.edu] ? Seems a more worthwhile effort to me...

Re:SETI (1)

WetCat (558132) | about 12 years ago | (#4336826)

ET is a pure curiosity.

why not (1)

Alejo (69447) | about 12 years ago | (#4336863)

Sure... but why not something more certain to help humankind as the projects listed here [intel.com] .

It's not as fancy as looking for Darth Vader, but I'm sure most of you had somebody close with cancer, alzheimer, diabetes, etc.

All you need is time... (0)

Anonymous Coward | about 12 years ago | (#4336799)

Or maybe a really big computer!

Althought it took this group a lot of time to break it, I could see a "wealthier" group putting together resources and doing it faster...

What now? (1)

KarmaBitch (562896) | about 12 years ago | (#4336801)

So RC5-64 is insecure?

Damn... I guess I'm gonna just have to start hashing my data to keep it secure. :-)

So I Take It 128-bit SSL Is Safe Then... (1)

nherc (530930) | about 12 years ago | (#4336806)

for my online transactions for the near future seeing that 64-bit took 4 years to crack.

Too bad there are 99% easier ways to compromise "secure" online transaction systems, not to mention ways to compromising the servers that run these systems.

Just see A Guide to Building Secure Web Applications [slashdot.org] .

Congratulations (5, Insightful)

Dirtside (91468) | about 12 years ago | (#4336814)

While this is an admirable achievement, I found another distributed computing project which I think is more worthwhile -- namely, Folding @Home [stanford.edu] , which is a distributed protein-folding simulation effort. This is the kind of research that will end up curing things like Alzheimer's, and I think it's a better use of your processing time than brute-forcing encryption keys (or even SETI, or Primenet). I encourage everyone to participate in F@H instead, as I think it will provide a greater benefit to us all in the long run.

Of course, some on /. may need to be reminded that they are indeed free to run whatever distributed computing software they feel like; I am merely requesting that they run this one.

Re:Congratulations (3, Informative)

eddy (18759) | about 12 years ago | (#4336959)

Yes, and don't forget genome@home [stanford.edu] . You might consider joining the Wicked Old Atheists [gazonk.org] even :-)

Message from God (1)

QEDog (610238) | about 12 years ago | (#4336818)

Maybe if we were using that power to analize Pi in base 11 we would find the hidden message before the end of the world.

eh... (1)

xanadu-xtroot.com (450073) | about 12 years ago | (#4336831)

Big deal, to be honest. Where's those googly eyed, green guys [berkely.edu] when we need them?

Re:eh... (0)

Anonymous Coward | about 12 years ago | (#4336856)

Dumbass...

Do you mean THESE GUYS?!?!?!?!? [berkeley.edu]

sounds pretty gay to me (-1, Troll)

Anonymous Coward | about 12 years ago | (#4336833)

kiddie porn, whatever. homo stuff.

Missing the point... (0)

back_pages (600753) | about 12 years ago | (#4336837)

Many people seem to think that this proves that the security is now insecure, or that the 300,000+ volunteers and 4 years of work means that this is an impractical security breach and the award is meaningless. The boat left you standing on the dock.

As it says in the PR, the scientific achievement here is that the security has now been quantified. The security challenge isn't just "super tough" to crack, or "practically impossible", but required exactly X bajillion processor cycles to crack. It's like the difference between "water freezes when it gets really cold," and "water freezes at 0 Celcius." That knowledge doesn't make your ice box less useful, but you do know how to configure the thing to make ice cubes.

The real question on my mind is whether or not that $10,000 prize will be distributed among the 300,000+ distributed volunteers. Prize money indeed...

Re:Missing the point... (1)

Ionized (170001) | about 12 years ago | (#4336948)

you, sir, are the one to completely miss the point. on multiple counts, actually.

Many people seem to think that this proves that the security is now insecure, or that the 300,000+ volunteers and 4 years of work means that this is an impractical security breach and the award is meaningless. The boat left you standing on the dock.

well, yes, basically it DOES prove its insecure, for the purposes of data that will continue to remain critical and proprietary for long periods of time. if you have trade secrets that would be valuable to your competitors even 6 years from now, RC5-64 just isn't good enough - they could crack it by then.

The security challenge isn't just "super tough" to crack, or "practically impossible", but required exactly X bajillion processor cycles to crack. It's like the difference between "water freezes when it gets really cold," and "water freezes at 0 Celcius."

so if someone else tried to brute force RC5-65, they would guess wrong the exact same number of times that distributed.net did before guessing correctly? do you even realize how brute force works?

The real question on my mind is whether or not that $10,000 prize will be distributed among the 300,000+ distributed volunteers.

an even precursory glance at the distributed.net website would explain exactly how the cash is split.

I went through... (2)

LinuxGeek (6139) | about 12 years ago | (#4336853)

...several computers during this 64bit phase of RSA cracking. Started with a K6-233, then K62-450, dual Celeron 450, Duron 800, Athlon 1GHz, Athlon 1.4GHz and now AthlonXP 1700+ @ 2000+. I wonder what we will be running when (if?) RC5-72 is cracked.

well, (1)

eastbam (610415) | about 12 years ago | (#4336859)

with the new Intel 4.7-GHz chip you too can do this but in less than 10 minutes!

What a waste of resources (0)

Anonymous Coward | about 12 years ago | (#4336869)

20 years from now, when I have newly-minted-by-global-warming underwater property in Boston, I'll come after every Slashdot geek I can find with a shotgun. How irresponsible.

kinda funny (1)

FunkyELF (609131) | about 12 years ago | (#4336872)

Its kinda funny how one thing takes all that time using all those computers to crack, but 5 days after a new program comes out http://astalavista.box.sk has a crack or a keygenerator for it.

How many megawatts? (0)

Anonymous Coward | about 12 years ago | (#4336876)

I'd like to know how much electricity was used, or how many tons of
fossil fuel was consumed to produce this result. Any reasonable guesses?

D-net's site..... (1)

KarmaBitch (562896) | about 12 years ago | (#4336878)

For the first time you can actually watch the owner of a website watch his server crash and burn via a webcam :-)

http://members.slacker.com/~nugget/camb.php

Found via : Distributed Webcams [distributed.net]

If you have enough time... (1)

netphilter (549954) | about 12 years ago | (#4336895)

...you can crack any algorithm. Encryption algorithms are always going to be time-sensitive. You can brute force anything...it's just a matter of whether or not you can do it in a realistic amount of time. Taking the rate at which technology changes and becomes faster, I don't think that we should ever realistically expect an algorithm to last more than a few years.

Not really. (2)

pclminion (145572) | about 12 years ago | (#4336971)

There are unbreakable cryptosystems. The one-time pad is unbreakable.

I'm too tired to explain why, I'm sure someone else will pick up the buck on this one.

5 Years! (1)

evil-barn (464762) | about 12 years ago | (#4336899)

Well it's obvious they should of started at the other end and worked backwards. It being 2/3's of the way through the keyspace, they would of got it much quicker! I mean duh!

the omen (0)

Anonymous Coward | about 12 years ago | (#4336900)


When the Jews return to Zion
And a comet fills the sky
And the Holy Roman Empire rises,
Then you and I must die.

From the eternal sea he rises,
Creating armies on either shore,
Turning man against his brother
'Til man exists no more.

-- The Omen

I think many posters here are missing the point (5, Insightful)

watanabe (27967) | about 12 years ago | (#4336917)

I think many posters here are missing the point of this. RSA wants people to crack these weaker crypto offerings; it makes their story better, not worse.
  • They know exactly how insecure RC5-64 is. They want other IT groups, industry groups and tech managers to know it. The easiest way to do that is to offer open challenges with cash prizes. It's never hard for RSA to up their bit-length to 4096, say, a year before 2048 RSA is broken, and someone collects their $200,000. It is hard to make PHBs understand that RC5-64 is not secure if nobody has broken it.
Secondly, Distributed.net clearly isn't doing it for the cash. I didn't do it for the cash, either. (Although I wouldn't have minded winning.) They're doing it because:
  • Breaking codes gives nerds their kicks.
  • Building a distributed computing architecture is a difficult and interesting problem.
With current technology, as RSA likes to demonstrate, the winners are the cryptographers, not the cryptologists (the code breakers.) Quantum computing may change that, and make the cryptologists the winners. Until then, RSA can happily give cash prizes for increasing length keys: the numbers are on their side.

How crazy is this? (5, Funny)

WalterGR (106787) | about 12 years ago | (#4336918)

From the press release - "a coordinated team of computer programmers and enthusiasts, known as distributed.net, has solved the RC5-64 Secret-Key Challenge."

If you remove a single element - the $10,000 award offered by RSA - then the press release would read more like,

"A group of degenerate hackers [sic] cracked an encryption method owned by RSA Security Inc. The company has contacted law enforcement authorities, and an attempt to track down these hackers [sic] is currently under way. Under the DMCA, these criminals, when caught, faces sentances of up to..."

The amazing spin doctor (0)

Anonymous Coward | about 12 years ago | (#4336920)

"yes, it took 350,000 people three years to break RC5... so RC5 is incredibly insecure".

Give me a break, we knew this is what d.net would say when RC5 was broken regardless of how much time it took. I think they've just proved the point that RC5 is pretty damned good.

Holy Cow !@#$ (0)

Anonymous Coward | about 12 years ago | (#4336944)

It was me -- I won!

I'm really disappointed! (1)

dex22 (239643) | about 12 years ago | (#4336947)

I was hoping they would get to 100% and still not find the key!

Now, I get to miss out on all that head scratching. :o(

Ok, so who wants to work out the electricity consumed per block, and calculate the COST of cracking RC5? Remember that as RC5 just uses idle cycles, all the used energy was energy that could have been saved by turning the computers off!

*laffs*

What's next?

Congratulations, you've been duped by RSA (1)

truth_revealed (593493) | about 12 years ago | (#4336973)

into doing very expensive PR for them.
This is exactly this sort of result they had hoped for - even their low-grade keys need a world-wide network of computers and months to crack their marketing deptartment will report.
The $10K prize is a joke compared to the cost/time of the compute power involved.
Surely we can put our spare cycles to better use to society than this?

Just got OpenSSH Protocol 2 RSA working... (1, Redundant)

snatchitup (466222) | about 12 years ago | (#4336977)

I'm using putty (development version) to connect from a Win box to a linux box.

I'm glad I'm using 1024bit encryption. They've worked so hard to do 64 bit. But each additional bit is a redoubling in the amount of computing power it's going to take to decrypt my packets. Good luck!

I've only got port 22 port fowarded from my router.

You just aint getting in!

Sad news ... Stephen King dead at 55 (0)

Anonymous Coward | about 12 years ago | (#4336980)

I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.

Distributed.net no longer in the public eye (5, Insightful)

HoserHead (599) | about 12 years ago | (#4336986)

It's sad, really, that so much focus has moved off Distributed.net to SETI@Home and the other distributed computing projects when Distributed.net was one of the real pioneers of this style of computing (that is, harnessing regular people's CPU time).

In one of my CS classes, we were discussing distributed computing, and a question of any well-known distributed computing projects was asked. I answered "Distributed.net" - and the instructor promptly asked "What's that?" The next student to respond, of course, said SETI: the answer he was looking for.

Maybe I'm biased, as the former maintainer of distributed-net for Debian, but has Distributed.net really become this unimportant and forgotten?

Damn.... Twas not me. (1)

affegott (104661) | about 12 years ago | (#4336988)

I purchased serveral machines over the last few years soley because I could justify the cost with the money I was _going_ to win from RC5. :-)

Oh well, maybe next time.

i cant even pronounce this number (1)

NO_NYT_POSTS (611469) | about 12 years ago | (#4336990)

Over the course of the RC5-64 project, 331,252 individuals participated. We tested 15,769,938,165,961,326,592 keys.

anyone help out?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?