Concern about key length was heightened when a 40-bit key was cracked by a French student, Damien Doligez, in 8 days using 120 workstations and a few supercomputers [12]. Even though a 56-bit key would take 65 thousand times longer to break and a 64-bit key 17 million times longer, the perception was that much longer keys were needed for adequate protection.
In 1996, a group of seven cryptographers issued a report recommending that keys be at least 75-90 bits to protect against a well-funded adversary [13]. The cryptographers estimated that a 40-bit key could be cracked in 12 minutes and a 56-bit key in 18 months using a $10,000 machine consisting of 25 Field Programmable Gate Array (FPGA) chips. Each chip would cost $200 and test 30 million keys per second. For $10 million, a machine with 25,000 FPGA chips could crack a 56-bit DES key in 13 hours; one with 250,000 Application-Specific Integrated Circuits costing $10 each could do it in 6 minutes. By comparison, the National Security Agency estimated it would take 10 minutes to crack a 40-bit key and 1 year and 87.5 days to crack a 56-bit key on a Cray T3D supercomputer with 1024 nodes and costing $30 million. Table 2 shows the estimates for the FPGA and ASIC architectures and for the Cray (row 3). The first row corresponds to the actual attack carried out by the French student.
dc unlocker cracked version 29
At their January 1997 conference, RSA Data Security announced a set of challenge ciphers with prizes for the first person breaking each cipher [14]. These included $1,000 for breaking a 40-bit RC5 key, $5,000 for breaking a 48-bit RC5 key, and $10,000 for breaking a 56-bit RC5 or DES key. The challenges extend to 128-bit RC5 keys in increments of 8 bits each. The 40-bit prize was won shortly thereafter by Ian Goldberg, a student at Berkeley, who cracked it in 3.5 hours using a network of 250 computers that tested 100 billion keys per hour. The 48-bit prize was won a few weeks later by Germano Caronni, a student at the Swiss Federal Institute of Technology. Caronni harnessed the power of over 3,500 computers on the Internet to achieve a peak search rate of 1.5 trillion keys per hour. The key was found after 312 hours (13 days).
Although key length is significant to the strength of an algorithm, weaknesses in key management protocols or implementation can allow keys to be cracked that would be impossible to determine by brute force. For example, shortly after the French student cracked the 40-bit key in 8 days, Ian Goldberg and David Wagner found that the keys generated for Netscape could be hacked in less than a minute because they were not sufficiently random [17]. Paul Kocher showed that under suitable conditions, a key could be cracked by observing the time it took to decrypt or sign messages with that key [18]. Richard Lipton, Rich DeMillo, and Dan Boney at Bellcore showed that public-key cryptosystems implemented on smart cards and other tamperproof tokens hardware were potentially vulnerable to hardware fault attacks if the attacker could induce certain types of errors on the card and observe their effect [19]. Eli Biham and Adi Shamir showed that the strategy could also work against single-key systems such as DES and Triple-DES [20]. Thus, while key length is a factor in security, it is by no means the only one.
Because not all encryption systems have built-in key recovery mechanisms, there is also a market for recovering keys (and ultimately the plaintext) by other means, for example, brute-force attacks against short keys or attacks that exploit weaknesses in design or implementation. Many systems contain flaws, for example, in key management, that allow them to be cracked despite using long keys. In some cases, the key may be stored on a disk encrypted with a password that can be cracked. AccessData Corp., a company in Orem, Utah, provides software and services to help law enforcement agencies and companies recover data that has been locked out by encryption. In an interview with the Computer Security Institute, Eric Thompson, founder of AccessData, reported that they had a recovery rate of about 80-85% with large-scale commercial commodity software applications [23]. Thompson also noted that former CIA spy Aldrich Ames had used off-the-shelf software that could be broken. 2ff7e9595c
Comments