Quick, make a mental list of computer-related news that the
public really cares about. Weed out all some of the geekier stuff and
your list will most likely contain several security-related issues. No
matter what's going on, security is never a dead topic.
Last week, for example, a Danish firm who found a security flaw in
Netscape's browsers made headlines as they attempted to semi-blackmail Netscape into dishing out a larger cash award for the discovery. And yesterday, Sun Microsystems released a pa
tch that covered a security loophole in the Java programming language, one that could have let nefarious hackers raid a person's files while they were surfing the web.
Secrecy and security has been brought to the headlines at about the
same rate as the Web itself has. Everyone from corporations to online
shoppers wants to be sure that everything that should be electronically
locked, is, and tightly.
At the core of many computer security issues lies encryption, the
mathematical magic that makes data secure. Whether the data is banking
traffic or a credit-card purchase over the web, encryption does the actual
work required to make information secure. Think
of encryption as a mathematical meat grinder - it takes the 1's and 0's
of computer language and changes them in such a way that only the people
who know how to put them back together again can get to their original
Well, in theory, anyway, and that's the catch. Being a
mathematical trick, encryption techniques aren't always one-hundred
percent guaranteed. Just because X-brand encryption is thought to be unbreakable doesn't mean it is. Someone with a big brain and an
even bigger computer might come along, break the code and get to the data.
Thus, encryption is both a public and governmental concern because it's vital to everyone's security. It's also a hot topic among computer geeks because encryption schemes are really fun to break. Doing so takes a ton of ingenuity and loads of computing power, two things the 'net community has never exactly lacked.
There are many different methods of encryption in use today, and when one of those methods gets cracked, it's big news. Just this week, DES encryption was broken after a four month effort involving over 14,000 computers. While the world has known for some time that DES encryption (short for Data Encryption Standard) isn't the best way of keeping things secure, it's still in wide use among businesses and the federal government.
Buried in all the details surrounding the downfall of DES is the
story of how the codes were broken. Pacing the Void is here to tell you
how it was done and even let you get in on the cracking game if you want
DES was broken through an Internet-based, distributed
supercomputing effort. Sounds stuffy, I know, but it's actually a heck of
a lot cooler than it sounds.
To sift through the 72 quadrillion possible keys to the DES code,
(72,057,594,037,927,936, to be exact), some clever individuals wrote
broke the task down into smaller tasks. Then, rather than having one
machine try all of the codes in sequence, they made the software available
Internet - allowing people to use their own computers to crunch through
the code a few million keys at a time. A network was set up that
coordinated the effort, so nobody would ever work on the same keys at
once, or try possible keys that had already been proven useless.
Everyone who took a copy of the software didn't have to abandon
their machines, either, becaused it was written to run during the
computer's "relaxation" (think: couch potato) time. A computer's brain
sits idle most of the time you're on the computer. It perks up when something
intense comes up, but for the most part your
computer's 'brain' isn't living up to its potential one-hundred percent of the
time. Many of the world's souped-up machines are hardly running at their
potential peak because they're only being used to do email, word
processing, and the like.
The idea behind distributed cracking is to take advantage of that
untapped power to do a tiny bit of a large job. In this case, it was
written to crack a code. The DES project
organizers, after spreading the word, eventually had thousands of
computers working to crack the code and were at one point churning through
7 billion possible keys a
DES is dead, but the home-cracking game isn't over. In fact, the
effort wasn't the first to use distributed computing to crack codes, and
it isn't the last.
There are several other such cracking projects in the works, one of them
being the Bovine RC5 cracking effort.
RC5 encryption is just a different way of encrypting data, and it has yet to
be broken. The Bovine effort, named after one of the
organizer's online nickname, has only crunched through a tiny percentage
of the possible codes needed to break RC5 encryption, and they're still
Better yet, the same organization that invited people to break
DES, RSA Data Security Inc., is offering the
same cash prize to the organization that cracks RC5. When RC5 is broken,
RSA shells out $10,000. Most of that goes to the project organizers,
but $1,000 trickles down to the person whose machine is the lucky one to
find the key.
And in this game, size doesn't matter. It's unimportant how fast or how large your computer is, because the key could be found by anyone who comes along. (FYI, the DES code was cracked by a 90-mhz Pentium running FreeBSD.)
If you're feeling lucky and want to join in the effort, click over to the Bovine RC5 cracking effort and visit their RC5 Client page, where you can download the Bovine client designed for your machine. It takes a few minutes to figure out the directions, (longer if you're connected to the net via a dialup connection) but
with a little effort, you too can help crunch though the RC5 code.
If you'd just like to check out how well the effort is doing, you can check out the executive summary which will give you a quick glimpse at their progress. You might even recognize a few names in
their logs, as a few people in the UA's Steward Observatory are cranking out codes on lab machines that usually sit idle during the summer.
There's no way to tell when the RC5 code will be broken, and extra help is always needed. Give it a try - you might even hit the code, make a thousand bucks, and go down in a tiny corner of the historical canon as the person who broke RC5.
Okay, so it's the money that matters... :)
#1- January 24
#2- January 31
#3- February 4
#4- February 7
#5- February 11
#6- February 14
#7- February 18
#8- February 21
#9- February 25
#10- February 28
#11- March 4
#12- March 7
#13- March 11
#14- March 14
#15- April 15
#16- April 18
#17- April 22
#18- April 25
#19- April 29
#20 - May 2
#21 - May 16