Fortify Related References and Links
A Report by an ad hoc Group of Cryptographers and Computer Scientists
Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier,
This is a report authored in January, 1996, by several of the world's leading cryptographers. In it, the authors state that "Bearing in mind that the additional computational costs of stronger encryption are modest, we strongly recommend a minimum key-length of 90 bits for symmetric cryptosystems." (unquote).
Hal's First Challenge
Hal's First Challenge was one of the first public attacks on a 40-bit key. The challenge was initiated on July 14, 1995.
It was ultimately solved independently by two parties. The first party to find the key was David Byers and Eric Young, using approx 50 PCs, 15 workstations and a MasPar MP-1 for the search. The result was not widely announced, but it was captured and record by Mr. Adam Back (copy here).
The second party to find the key was Damien Doliegez (France), who used approx 20 workstations and two supercomputers for 8 days to conduct the search. A copy of Damien's announcements and chronological record is preserved here.
Hal's Second Challenge
A group known as the Cypherpunks have banded together to co-operatively conduct exhaustive key searches in record times using run-of-the-mill computing resources. Their fastest time for a 40-bit key search currently stands at 31 hours 47 minutes, which was the time taken to break Hal's Second Challenge , also in Aug 1995.
56-bit DES key "cracks"
56-bit DES has also been "broken", on at least four separate occasions. The Deschall group, headed by Mr. Rocke Verser, announced the winning key to the RSA's first DES challenge in June 1997. Deschall was, once again, an Internet-based collaborative effort. The group used the spare CPU cycles from "tens of thousands" of standard computers, over a period of roughly four months, to perform the key search.
The second DES challenge was completed in February 1998, by a collaborative group known as distributed.net in 39 days - one third of the time taken to solve the first DES challenge.
The Electronic Frontier Foundation has accomplished at least two separate 56-bit DES "cracks" in June and July, 1998. The most widely publicized result was a solution to the RSA DES II challenge. The solution was achieved in 56 hours - substantially faster than the previous record. These results once again demonstate the fact that export grade ciphers, including DES, are largely ineffective, and their usefulness degrades rapidly over time.