|
It took four years, 331,000 participants and a difficult legal case, but the relentless efforts of Distributed.net and its supporters have finally broken a 64bit encryption key developed by RSA Data Securities.
When Distributed.net set up shop in 1997 to test various forms of encryption by essentially breaking through them, organizers figured it could take 100 years to uncover the RC5-64 sequence due to limited computer power and the fact that so many people would have to participate in the effort. Still, they forged ahead.
"We had confidence the rate would improve and that Moore's Law would help us cut down on that time," said David "Nugget" McNett, president of Distributed.net.
Not to mention a $10,000 reward put up by RSA. (Ultimately, $6,000 went to Distributed.net to cover its operational costs, participants voted to give another $2,000 to the Free Software Foundation and the winner took home the remaining two grand.)
There was so much data to analyze for the project that when the key was eventually found in mid-September, McNett and his crew of participants around the world initially overlooked the winning entry. It read: "The unknown message is: Some things are better left unread."
The man who discovered the secret message used a 450-MHz Pentium II to find the solution. A resident of Tokyo, Japan, he has asked to remain anonymous.
With so much time and hardware needed to process the keyspace, it would seem that 64-bit encryption is secure, right? McNett isn't convinced. "(It's) safe for any secret that's not still a secret in two years," he said. "I certainly wouldn't use it to keep the secret formula to Coca-Cola a secret. People with secrets to keep should factor in not only the importance of the secret but the timeliness."
While the accomplishment of breaking the 64-bit encryption standard is noteworthy, there are even greater challenges ahead for Distributed.net.
Next up is breaking through RC5-72, RSA's next highest encryption key. RSA also has a 128-bit key, but trying to break a key that long is practically impossible because there are so many combinations of keys to consider, McNett said.
"Major advances would have to be made in keyrate processing before that would be even approachable," he said.
Along with SETI@Home, Distributed.net was one of the earliest distributed computing projects ?- so-called because it split up a massive computing problem into small, manageable pieces solved by a large number of volunteers running programs on their individual computers.
The nonprofit organization, based in Austin, Texas, relies on contributors to provide both servers and bandwidth. It shares office space with United Devices, a commercial operation that runs a distributed computing project geared toward finding cancer treatments.
During the past two years, the quest to break RC5-64 has endured its share of intrigue.
There was the legal case involving David McOwen, who was fired from his job at DeKalb Technical College and charged by the state of Georgia with putting the Distributed.net client on school computers without permission. The case outraged supporters of distributed computing projects, who raised more than half McOwen's $20,000 legal bill. The case was eventually settled.
At one point, a laptop owned by one of the project's participants was stolen. Fortunately, the thief didn't realize that a program was running in the background on the computer he had swiped. When he connected the machine to the Internet, it reconnected the laptop to the Distributed.net servers, and the organization was able to track down the thief using his IP address.
"Sort of like LoJack for the computer," chuckled McNett.
|
Linear Mode
