Researchers using a supercomputer built for $250,000 have broken the government's data encryption standard (DES) in less than three days. In a press conference last week, the researchers warned that their ability to crack DES suggests that terrorists and other miscreants undoubtedly also find it ridiculously easy to unscramble encrypted data.
Government officials and some industry experts have said that it would take millions of dollars to build a supercomputer powerful enough to crack DES encryption code.
The encryption-breaking research was conducted as part of the RSA Laboratory's DES Challenge II contest and was spearheaded by the Electronic Frontier Foundation (EFF), non-profit civil liberties organization that deals with Internet privacy and security issues.
"We would like the government to finally admit that DES is not secure and to encourage stronger cryptography," said Barry Steinhardt, EFF president. The government has contended that it is not possible to build a computer that can break DES without enormous expense.
The EFF DES Cracker, as the supercomputer is called, was designed to break 56-bit encrypted code in record time. It accomplished that -- the previous record was 39 days using a huge network with tens of thousands of computers.
The U.S. government restricts exportation of technology beyond 40 bits and the researchers intended to show that even encryption that is stronger than that can be busted. Such security issues are likely to become greater as the cost of building supercomputers capable of breaking DES become less expensive, the researchers said.
"I could easily see where someone could do this as a science fair project in four or five or six years," said John Gilmore, leader of the EFF code-breaking project and co-founder of EFF.
It took Gilmore and Paul Kocher of Cryptography Research Inc. just 56 hours to figure out the key needed to read scrambled data, trying about a quarter of all of the possible key combinations. The researchers contend that ability debunks the government's arguments in favor of key recovery technology, which calls for a third-party to hold the "keys" to unscramble encrypted data.
"I believe that strong cryptography is the only way to protect ourselves," Kocher said at the press conference, where various of the code-breaking participants said that they believe that foreign governments, such as China, undoubtedly are routinely unscrambling encrypted data sent over the Internet.
DES is used in between one-third and one-half of the market for encryption products, according to data cited by EFF. Financial institutions tend to rely on the standard as does the satellite communications industry.
Those who use DES have long been aware of its potential to be cracked because they run risk assessments, the researchers said.
The team that built the DES-busting machine has not heard from the government regarding the successful unscrambling.