DES challenge news (fwd)
Ulf Möller
3umoelle at informatik.uni-hamburg.de
Wed May 14 16:33:56 PDT 1997
Distributed key cracking efforts have been discussed in detail on
cypherpunks and coderpunks for quite some time. A Swedish group
trying to solve RSADSI's DES challenge chose to ignore the results.
Here is what they got (from RISKS 19.14):
>Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
>From: Thomas Koenig <ig25 at mvmap66.ciw.uni-karlsruhe.de>
>Subject: DES challenge news
You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key. The reason
given was client integrity.
Well, a month after this, the promised source code release has not happened.
Instead, it appears that somebody disassembled part of the client, made a
version that reported fake "done" blocks, and then sent these to the
servers.
Moral? Don't ever think that nobody can read compiled code. Don't try to
run a cooperative effort like this in a closed development model.
Thomas Koenig, Thomas.Koenig at ciw.uni-karlsruhe.de, ig25 at dkauni2.bitnet.
------------------------------
More information about the Testlist
mailing list