This is all my personal point of view. INRIA published an
official press release (no longer available on-line).
On July 14, Hal posted his SSL
challenge: a record of a "secure" Netscape session
encrypted with the RC4-128-EXPORT-40 algorithm.
I succeeded in cracking the challenge, but I was only the
second one to find the key and
read the contents of his session.
If you're a journalist, be sure to read my
virtual press
conference. If you have more questions, feel free to
send me some e-mail: Damien.Doligez@inria.fr.
This is a more-or-less chronological account of what happened:
-
The SSL protocol was designed to protect confidential data
sent by Web browsers. It has an option for weak encryption, to
comply with the requirements of the US government for exportable
software.
- July 14: Hal posted his challenge in a short version and a detailed
version.
- August 15: I posted my original
announcement. I also have a revised
version.
- August 16: I learned that David Byers and Eric Young, working
with Adam Back, had cracked the challenge about two hours before
me. Adam has a
description of their
achievement.
- August 17: Netscape sent their official
response. I don't agree with their $10,000 figure, and they
badly underestimate the cost of breaking RC4-128
(the US-only version of their system).
Still, I do agree with their conclusion.
- The cypherpunks are putting together a
"key cracking
ring" to see how fast this can get: they will decrypt example
sessions as fast as possible (I expect only about one day per
session), by using a lot of machines all over the Internet.
- August 19: Hal posted a
second SSL
challenge to cypherpunks for the "key cracking ring" to
tackle.
- The key cracking ring started working on this new challenge on
August 24, at 18:00 GMT, and got the result in
less
than 32 hours.
- September 4: Communications Week International
wrote that I "enlisted a number of other engineers worldwide to
crack the code again - in just 32 hours". This is not
true. I did participate in the effort, but the credits
for organizing it should go to Adam Back and
Piete Brooks.
- September 17: Ian
Goldberg and David
Wagner broke the pseudo-random number generator of Netscape
Navigator 1.1. They get the session key in at most a few hours on
a single workstation.
Their
code is available by ftp.
You can get more details on a
web page
written by Laurent Demailly.
- September 20: Community ConneXion is awarding
original T-shirts to people who
Hack Netscape
or Microsoft.
- June 4, 1996: Le
Monde, a french newspaper, published a
paper with a somewhat garbled story about the Internet, that
ends by implying "Damien Rodriguez" is a pirate. I found
15 factual errors in that article.
The man who reads nothing at all is better educated than the man who
reads nothing but newspapers.
-- Thomas Jefferson
Related topics
- You can get the source of the program
that I used to break the challenge.
- A few people also have equivalent programs, for example Andrew
Roos and Piete Brookes.
- There is a lot of research in cryptology being done at INRIA
(projects ALGO and CODES),
École
polytechnique, and École
Normale Supérieure.
- You may want to know more about the ITAR (International Traffic in
Arms Regulations), which prevent Netscape from exporting their
more secure system. See the EFF ITAR export
archive or John Gilmore's crypto
export page.
- The RSA-129
crack used about 50 times more computing power than I did for the
SSL challenge.
- Cryptographic software is export-restricted by the US government
even if it didn't originate from the US (i.e. if imported, it
cannot be reexported). Yet, you can find strong cryptography in
the form of PGP (all over the world),
and SSLeay (in
Australia).
- A UK company, MarketNet,
already has a server with 128-bit security.
- There are serious restrictions on the use of
cryptography in
France.
- the
cypherpunks
- Tim May's Cyphernomicon
is a list of frequently asked questions (with answers) about
cryptography.
- Netscape
- the WWW consortium
- my own web page
- Some articles reporting this story are also available on the Web.
Here is a game: spot the errors in these articles and report
them to their authors.
- It should be noted that both MD5 and RC4, two of the (very good)
cryptographic components of SSL, were designed by Ron Rivest, of
RSA Laboratories.
- For a good introduction to the field of cryptology, read the
sci.crypt
FAQ.
- Some
information about cryptography (in German).
- A good Web page on
cryptography.
Cute quote:
"Just remember, in 10 years no one will care. In fact most people probably
don't care right now."
-- Conrad E. Muller