DES Challenge IIIの結果報告

DES Challenge III Broken in Record 22 Hours


1999年1月18日にサンノゼで開催されたRSA Data Security Conference & ExpoでRSA Data Security社が主催した56ビットDES暗号の解読コンテストDES Challenge IIIの結果は最短記録をさらに更新し、たった22時間15分であった。これは1998年12月に米国商務省が輸出を認可した56ビットの暗号では容易に解読され、安全ではないことを実証するデモンストレーションであり、あの米国でさえ、現実と政府の考え方に大きな隔たりがあることを証明したことになる。それから考えると日本のように全てが政府主導の共産資本主義の考え方で実施されるデジタル社会への対応方針で、将来の暗雲を消し去ることが不可能に思えてくる。DES Challenge IIIの結果報告がニュースリリースとして配布されたので、その内容を全文掲載する。また、クッキー関連調査研究室MIT Laboratory for Computer Scienceは2001年8月に、Dos and Don'ts of Client Authentication on the Webを公開した。詳細情報はURL(http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf)で知ることができる。

[全文]
FOR IMMEDIATE RELEASE
RSA Code-Breaking Contest Again Won by Distributed.Net and Electronic Frontier Foundation (EFF)

DES Challenge III Broken in Record 22 Hours

RSA DATA SECURITY CONFERENCE, SAN JOSE, Calif., January 19, 1999 -- Breaking the previous record of 56 hours, Distributed.Net, a worldwide coalition of computer enthusiasts, worked with the Electronic Frontier Foundation's (EFF) 'Deep Crack,' a specially designed supercomputer, and a worldwide network of nearly 100,000 PCs on the Internet, to win RSA Data Security's DES Challenge III in a record-breaking 22 hours and 15 minutes. The worldwide computing team deciphered a secret message encrypted with the United States government's Data Encryption Standard (DES) algorithm using commonly available technology. From the floor of the RSA Data Security Conference & Expo, a major data security and cryptography conference being held in San Jose, Calif., EFF's 'Deep Crack' and the Distributed.Net computers were testing 245 billion keys per second when the key was found.
First adopted by the federal government in 1977, the 56-bit DES algorithm is still widely used by financial services and other industries worldwide to protect sensitive on-line applications, despite growing concerns about its vulnerability. RSA has been sponsoring a series of DES-cracking contests to highlight the need for encryption stronger than the current 56-bit standard widely used to secure both U.S. and international commerce. 'As today's demonstration shows, we are quickly reaching the time when anyone with a standard desktop PC can potentially pose a real threat to systems relying on such vulnerable security,' said Jim Bidzos, president of RSA Data Security, Inc. 'It has been widely known that 56-bit keys, such as those offered by the government's DES standard, offer only marginal protection against a committed adversary. We congratulate Distributed.Net and the EFF for their achievement in breaking DES in record-breaking time.' As part of the contest, RSA awarded a $10,000 prize to the winners at a special ceremony held during the RSA Conference. The goal of this DES Challenge contest was not only to recover the secret key used to DES-encrypt a plain-text message, but to do so faster than previous winners in the series. As before, a cash prize was awarded for the first correct entry received. The amount of the prize was based on how quickly the key was recovered. 'The diversity, volume and growth in participation that we have seen at Distributed.Net not only demonstrates the incredible power of distributed computing as a tool, but also underlines the fact that concern over cryptography controls is widespread,' said David McNett, co-founder of Distributed.Net.
'EFF believes strongly in providing the public and industry with reliable and honest evaluations of the security offered by DES. We hope the result of today's DES Cracker demonstration delivers a wake-up call to those who still believe DES offers adequate security,' said John Gilmore, EFF co-founder and project leader. 'The government's current encryption policies favoring DES risk the security of the national and world infrastructure.' The Electronic Frontier Foundation began its investigation into DES cracking in 1997 to determine just how easily and cheaply a hardware-based DES Cracker (i.e., a code-breaking machine to crack the DES code) could be constructed. Less than one year later and for well under U.S. $250,000, the EFF, using its DES Cracker, entered and won the RSA DES Challenge II-2 competition in less than 3 days, proving that DES is not very secure and that such a machine is inexpensive to design and build.
'Our combined worldwide team searched more than 240 billion keys every second for nearly 23 hours before we found the right 56-bit key to decrypt the answer to the RSA Challenge, which was 'See you in Rome (second AES Conference, March 22-23, 1999)', said Gilmore. The reason this message was chosen is that the Advanced Encryption Standard (AES) initiative proposes replacing DES using encryption keys of at least 128 bits. RSA's original DES Challenge was launched in January 1997 with the aim of demonstrating that DES offers only marginal protection against a committed adversary. This was confirmed when a team led by Rocke Verser of Loveland, Colorado recovered the secret key in 96 days, winning DES Challenge I. Since that time, improved technology has made much faster exhaustive search efforts possible. In February 1998, Distributed.Net won RSA's DES Challenge II-1 with a 41-day effort, and in July, the Electronic Frontier Foundation (EFF) won RSA's DES Challenge II-2 when it cracked the DES message in 56 hours. RSA Data Security, Inc. RSA Data Security, Inc., a wholly owned subsidiary of Security Dynamics Technologies, Inc. (NASDAQ: SDTI), is a leading supplier of software components that secure electronic data, with more than 400 million copies of RSA encryption and authentication technologies installed worldwide. RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, ISO, ITU-T, ANSI, IEEE, and business, financial and electronic commerce networks around the globe. RSA develops and markets platform-independent security components and related developer kits and provides comprehensive cryptographic consulting services. RSA can be reached at
URL(http://www.rsa.com).