[ PACING THE VOID ]

news

opinions

sports

policebeat

comics

(DAILY_WILDCAT)

{picture of Bryan Hance}
{Cracking Codes for Fun & Profit}


- Quick, make a mental list of computer-related news that the public really cares about. Weed out all some of the geekier stuff and your list will most likely contain several security-related issues. No matter what's going on, security is never a dead topic.
- Last week, for example, a Danish firm who found a security flaw in Netscape's browsers made headlines as they attempted to semi-blackmail Netscape into dishing out a larger cash award for the discovery. And yesterday, Sun Microsystems released a pa tch that covered a security loophole in the Java programming language, one that could have let nefarious hackers raid a person's files while they were surfing the web.
- Secrecy and security has been brought to the headlines at about the same rate as the Web itself has. Everyone from corporations to online shoppers wants to be sure that everything that should be electronically locked, is, and tightly.
- At the core of many computer security issues lies encryption, the mathematical magic that makes data secure. Whether the data is banking traffic or a credit-card purchase over the web, encryption does the actual work required to make information secure. Think of encryption as a mathematical meat grinder - it takes the 1's and 0's of computer language and changes them in such a way that only the people who know how to put them back together again can get to their original combination.
- Well, in theory, anyway, and that's the catch. Being a mathematical trick, encryption techniques aren't always one-hundred percent guaranteed. Just because X-brand encryption is thought to be unbreakable doesn't mean it is. Someone with a big brain and an even bigger computer might come along, break the code and get to the data. crackthecode!
- Thus, encryption is both a public and governmental concern because it's vital to everyone's security. It's also a hot topic among computer geeks because encryption schemes are really fun to break. Doing so takes a ton of ingenuity and loads of computing power, two things the 'net community has never exactly lacked.
- There are many different methods of encryption in use today, and when one of those methods gets cracked, it's big news. Just this week, DES encryption was broken after a four month effort involving over 14,000 computers. While the world has known for some time that DES encryption (short for Data Encryption Standard) isn't the best way of keeping things secure, it's still in wide use among businesses and the federal government.
- Buried in all the details surrounding the downfall of DES is the story of how the codes were broken. Pacing the Void is here to tell you how it was done and even let you get in on the cracking game if you want to.
- DES was broken through an Internet-based, distributed supercomputing effort. Sounds stuffy, I know, but it's actually a heck of a lot cooler than it sounds.
- To sift through the 72 quadrillion possible keys to the DES code, (72,057,594,037,927,936, to be exact), some clever individuals wrote software that broke the task down into smaller tasks. Then, rather than having one machine try all of the codes in sequence, they made the software available over the Internet - allowing people to use their own computers to crunch through the code a few million keys at a time. A network was set up that coordinated the effort, so nobody would ever work on the same keys at once, or try possible keys that had already been proven useless.
- Everyone who took a copy of the software didn't have to abandon their machines, either, becaused it was written to run during the computer's "relaxation" (think: couch potato) time. A computer's brain sits idle most of the time you're on the computer. It perks up when something intense comes up, but for the most part your computer's 'brain' isn't living up to its potential one-hundred percent of the time. Many of the world's souped-up machines are hardly running at their potential peak because they're only being used to do email, word processing, and the like.
- The idea behind distributed cracking is to take advantage of that untapped power to do a tiny bit of a large job. In this case, it was written to crack a code. The DES project organizers, after spreading the word, eventually had thousands of computers working to crack the code and were at one point churning through 7 billion possible keys a second.
- DES is dead, but the home-cracking game isn't over. In fact, the DES cracking effort wasn't the first to use distributed computing to crack codes, and it isn't the last.
- There are several other such cracking projects in the works, one of them being the Bovine RC5 cracking effort. RC5 encryption is just a different way of encrypting data, and it has yet to be broken. The Bovine effort, named after one of the organizer's online nickname, has only crunched through a tiny percentage of the possible codes needed to break RC5 encryption, and they're still taking volunteers. {Bovine rc5 cracking effort mascot}
- Better yet, the same organization that invited people to break DES, RSA Data Security Inc., is offering the same cash prize to the organization that cracks RC5. When RC5 is broken, RSA shells out $10,000. Most of that goes to the project organizers, but $1,000 trickles down to the person whose machine is the lucky one to find the key.
- And in this game, size doesn't matter. It's unimportant how fast or how large your computer is, because the key could be found by anyone who comes along. (FYI, the DES code was cracked by a 90-mhz Pentium running FreeBSD.) {PoweredbyBovine!}
- If you're feeling lucky and want to join in the effort, click over to the Bovine RC5 cracking effort and visit their RC5 Client page, where you can download the Bovine client designed for your machine. It takes a few minutes to figure out the directions, (longer if you're connected to the net via a dialup connection) but with a little effort, you too can help crunch though the RC5 code.
- If you'd just like to check out how well the effort is doing, you can check out the executive summary which will give you a quick glimpse at their progress. You might even recognize a few names in their logs, as a few people in the UA's Steward Observatory are cranking out codes on lab machines that usually sit idle during the summer.
- There's no way to tell when the RC5 code will be broken, and extra help is always needed. Give it a try - you might even hit the code, make a thousand bucks, and go down in a tiny corner of the historical canon as the person who broke RC5.
- Okay, so it's the money that matters... :)




(Wildcat Chat)

PAST PACINGS:
#1- January 24
#2- January 31
#3- February 4
#4- February 7
#5- February 11
#6- February 14
#7- February 18
#8- February 21
#9- February 25
#10- February 28
#11- March 4
#12- March 7
#13- March 11
#14- March 14
#15- April 15
#16- April 18
#17- April 22
#18- April 25
#19- April 29
#20 - May 2
 #21 - May 16


-