Frequently Asked Questions (FAQ) About the Electronic Frontier Foundation's "DES Cracker" Machine Table of Contents Introduction What are cryptography, encryption and cryptanalysis? What is DES? Who uses DES? What claims have been made about DES? What is the 'EFF DES Cracker' and how does it work? Who built the EFF DES Cracker? Does the EFF DES Cracker really work? How much did the EFF DES Cracker cost to build? Why was the EFF DES Cracker built? What should those who depend on DES do now that we are clear on its insecurity? How long should cipher keys be to avoid these attacks? How long does the EFF DES Cracker take to crack DES? How does this affect cryptographic algorithms other than DES? What standards are replacing DES? How does this relate to the movie "Sneakers?" Is the EFF DES Cracker practical or a laboratory curiosity? What has been the impact of export controls on cryptography? Have other groups studied the implications of controls over the research and application of cryptography? What is the Electronic Frontier Foundation (EFF)? Sources Introduction The Electronic Frontier Foundation began its investigation into DES cracking in 1997 to determine just how easily and cheaply a hardware-based DES Cracker could be constructed. EFF set out to design and build a DES Cracker to counter the claim made by U.S. government officials that American industry or foreign governments cannot decrypt information when protected by DES or weaker encryption, or that it would take multimillion-dollar networks or computers months to decrypt one message. Less than one year later and for well under US $250,000, EFF's DES Cracker entered and won the RSA DES Challenge II-2 competition in less than 3 days, proving that DES is not secure and that such a machine is inexpensive to design and build. The following FAQ answers questions about the government's Data Encryption Standard and the EFF DES Cracker. What are cryptography, encryption and cryptanalysis? CRYPTOGRAPHY is the science of code writing, and cryptographic research explores and develops theories and methodologies for rendering messages or information unintelligible to others. Up until the early 1970s, cryptography was the almost exclusive concern of governments. During the past 15 years, however, there has been an explosion of academic and private sector interest in the field. The widespread use of computers and electronic data storage and transmission, marked most recently by the privatization and rapid growth of the Internet, has generated strong demand for scientific and technical solutions to ensure the security of information and computer-mediated communications. ENCRYPTION is applied cryptography - the use of cryptographic products or processes, e.g. to protect data or to authenticate a transaction. CRYPTANALYSIS is code-breaking, that is, the "cracking" of an encryption algorithm or system to reveal the hidden data ("plaintext"), either to get at the data for its own sake, or to test the strength of the encryption being used. What is DES? The Data Encryption Standard (DES) is a published federal encryption standard created to protect unclassified computer data and communications. DES has been incorporated into numerous industry and international standards since the Secretary of Commerce first approved DES as a Federal Information Processing Standard during the height of the Cold War in the late 1970s. The encryption algorithm specified by DES is a symmetric, secret-key algorithm. Thus it uses one key to encrypt and decrypt messages, on which both the sending and receiving parties must agree before communicating. It uses a 56-bit key, which means that a user must correctly employ 56 binary numbers, or bits, to produce the key to decode information encrypted with DES. Who uses DES? Promulgation of DES as a stable and certified technology stimulated supply and demand, and DES is now generally believed to be the most widely used general-purpose cryptosystem in the world. Although the initial selection of the algorithm was controversial since the NSA was involved in its design, DES has gained wide acceptance and has been the basis for several industry standards, mainly because it is a public standard and can be freely evaluated and implemented. DES technology is readily available worldwide, and several international standards have adopted the algorithm. The process by which DES was developed and evaluated also stimulated private sector interest in cryptographic research, ultimately increasing the variety of commercial security technologies. By 1993, 40 manufacturers were producing about 50 implementations of DES in hardware and firmware that the National Institute for Standards (NIST) had validated for federal use. Another estimated 60 companies were producing software implementations of DES. A 1993 industry estimate of U.S. sales of DES hardware and software products was between $75 million and $125 million annually (OTA, 1994). In April 1994, a survey of products using cryptography in the United States and abroad conducted by the Software Publishers Association identified 245 domestic encryption products using DES. Trusted Information Systems reported that DES was found in 281 foreign and 466 domestic encryption products -- between a third and half of the market -- as of December 1997. What claims have been made about DES? The U.S. government has increasingly exaggerated both the strength of DES and the time and cost it would take to crack a single DES-encrypted message. For instance, at a June 26, 1997, U.S. House of Representatives' Committee on International Relations hearing on the encryption issue, both the Director of the FBI, Louis Freeh, and the Deputy Director of the NSA, William Crowell, testified that the government does not have the technology or the "brute force" capability to break into encrypted information. In fact, they cite the winners of last year's challenge by RSA Laboratories, who cracked a message encrypted with 56-bit DES in five months using the distributed computing power of the Internet, as evidence of the impracticality of accessing information encoded with DES. In addition, they also asserted that American industry could not decrypt real-time encryption over a very minimal level of robustness. At one point, Freeh turned to Crowell and asked, "If you gave me $3 million to buy a Cray computer, it would take me how many years to do one message bit?" Crowell replied, "64 bits, 7,000 years." (See http://jya.com/hir-hear.htm ). Earlier this year, the Principal Associate Deputy Attorney General Robert S. Litt testified before the U.S. Senate Judiciary Committee's Subcommittee on the Constitution, Federalism, and Property that brute force decryption takes too long to be useful to protect the public safety. He went on to say, "decrypting one single message that had been encrypted with a 56-bit key took 14,000 Pentium-level computers over four months; obviously these kinds of resources are not available to the FBI." (See http://www.computerprivacy.org/archive/03171998-4.shtml ). What is the 'EFF DES Cracker' and how does it work? A 'DES Cracker' is a machine that can read information encrypted with DES by finding the key that was used to encrypt that data. The easiest known way to build a practical DES Cracker is to have it try every key until it finds the right one. The design of the EFF DES Cracker is simple in concept. It consists of an ordinary personal computer with a large array of custom "Deep-Crack" chips. Software in the personal computer instructs the custom chips to begin searching for the key, and also functions to interface with the user. The software periodically polls the chips to find any potentially interesting keys that they have located. The hardware's job is not to find the answer, but rather to eliminate most incorrect answers. The software can then quickly search the remaining potentially correct keys, winnowing the "false positives" from the real answer. The strength of the machine is that it repeats a search circuit thousands of times, allowing the software to find the answer by searching only a tiny fraction of the key space. With software to coordinate the effort, the problem of searching for a DES key is "highly parallelizable." A single DES-Cracker chip could find a key by searching for many years. A thousand DES-Cracker chips can solve the same problem in one thousandth of the time. A million DES-Cracker chips could theoretically solve the same problem in about a millionth of the time. The actual machine EFF built contains about 1,500 chips. Who built the EFF DES Cracker? The Electronic Frontier Foundation organized and funded the project to build the EFF DES Cracker. Paul Kocher of Cryptography Research ( http://www.cryptography.com ) led the architecture and software team, which also included John Gilmore of EFF. The hardware was designed and built by Advanced Wireless Technologies ( http://www.awti.com ), with assistance from Mike Cheponis of California Wireless ( http://www.wireless.com ) and Mitch Bradley and Mark Insley of FirmWorks ( http://www.firmworks.com ). The software uses the very fast DES library "libdes-4.01", created by Eric Young ( http://www.cryptsoft.com/~eay/ ). John Gilmore provided overall project management and edited a book, Cracking DES, published by O'Reilly and Associates. Bruce Schneier ( http://www.counterpane.com ) provided test problems for the machine. Clif Cox provided the remote communications infrastructure. Levi Kruger designed the project's "crumbling stone letters" logo. Lee Tien ( mailto:[email protected] ) and John Liebman ( http://www.McKennaCuneo.com ) provided legal assistance. Phil Zimmermann of Network Associates provided software for printing and scanning source code. Jean-Jacques Quisquater, Yvo Desmedt, Ian Goldberg, David Wagner, and Michael J. Wiener provided their technical papers on cracking DES for the book.