RC5-64 Success

Peter Trei writes "After over four years of effort, hundreds of thousands of participants, and millions of cpu-hours of work, Distributed.net has brute forced the key to RSA Security's 64 bit encryption challenge, winning a US$10,000 prize. Still outstanding Challenges carry prizes as high as $200,000. RSA's PR release is here. d.net's site has not yet been updated." Update: 09/26 16:59 GMT by CN : The good folks over at SlashNET are having a forum with the distributed.net crew on Saturday at 21:00 UTC. It'll be a great time to meet some of the people who made this possible.

d.net's site update

[ChronoZ]

Link here: http://www.distributed.net/pressroom/news-20020926 .html [distributed.net]

IRC discussion

[dotgod]

From the distributed.net announcment [distributed.net]

Also, please consider joining us on SlashNET IRC on Saturday 28-Sep-2002 @ 21:00 UTC (5:00PM EDT) for an online Q+A session on the RC5-64 project and the future plans for the distributed.net network.

Re:Heh ??

[veddermatic]

I'd say not.. in several years time, the average laptop / home PC will be able to crank out the work that the distributed project did in a week or so... meaning in a few years, an individual will be able to decrypt RC5-64 data in a realistic timeframe for (mis)use.

That's the point.... is RC5-64 (effectively) safe today? It sure the heck is.. this project proved that! Will it be safe in 5 years? Heck no, and that was the point.

Re:With apologies to Douglas Adams

[affenmann]

No, it is: "some things are better left unread". This doesn't apply to Douglas Adams, of course.

Re:d.net's site update

[Anonymous Coward]

There is a forum scheduled with the d.net guys on SlashNET [slashnet.org] this Saturday.

Re:With apologies to Douglas Adams

[KarmaBitch]

Almost :-D

0x63DE7DC154F4D03

You got a 4....

I'm sure 42 was tested in one of the 15,769,938,165,961,326,592 keys tried.

The unknown message is: some things are better left unread

Re:Are they going to share the prize?

[miltimj]

Hmmm... as it says here [distributed.net]:

RSA Labs is offering a US$10,000 prize to the group that wins this contest. The distribution of the cash will be as follows:

$1000 to the winner
$1000 to the winner's team - this would go to the winner if he wasn't affiliated with a team
$6000 to a non-profit organization, decided by vote
$2000 to distributed.net for building the network and supplying the code

The vote will be decided on through an extension of the statistics engine, with one vote per block per person.

And to think.. it took a few seconds to find that, and a couple minutes to type your post..

Re:Congratulations

[eddy]

Yes, and don't forget genome@home [stanford.edu]. You might consider joining the Wicked Old Atheists [gazonk.org] even :-)

Re:Heh

[Papineau]

Not really. If you consider that over 5 years, the average keyrate is 105.5 GKeys/sec, and the latest day averages were somewhere around 180 GKeys/sec, it means the same thing could have been finished in almost half the time, if it was started now with today's computers. Moore's law being what it is, if it really was started again now, it would take around half that time again, because more powerful CPUs are to be unveiled in that timeframe.

By their own estimates, it would take ~46000 Athlon XP 2GHz (now, where are you to find those right now?) to have 270 GKeys/sec (their peak rate in 5 years), which gives completing the keyspace in 790 days. Who would buy that much CPUs? Good question. With 2 dual MP motherboards in 1U (too lazy to find a link, I know somebody offers something like that), it would only take about 300 40U racks. Would you bet future national security on it? I don't think I would (and I'm not even american).

What it really shows is that brute-force can succeed, given enough time. But of course the more effective way to attack an encrytion algorithm is on the algorithmic side, because it helps you to find not only one cleartext, but all cleartexts encrypted with that algorithm.

Re:i cant even pronounce this number

[Krach42]

fifteen quintillion seven hundred sixty-nine quadrillion nine hundred thirty-eight trillion one hundred sixty-five billion nine hundred sixty-one million three hundred twenty-six thousand five hundred ninty-two.

In american english of course. I recall something about the british having "Millard" between million and thousand.

G4 800 faster than Athlon 2Ghz?!

[FyRE666]

Our peak rate of 270,147,024 kkeys/sec is equivalent to 32,504 800MHz Apple PowerBook G4 laptops or 45,998 2GHz AMD Athlon XP machines

Am I missing something here? Are they claiming the 800mhz G4 is over 1.4 times as fast as an Athlon 2ghz??

Looks like the writer has been exposed to the "Steve Jobs reality distortion field" for a little too long...

Re:FINALLY.

[McCart42]

No, you can still work on the optimal golomb ruler [distributed.net] project (OGR), which is an interesting distributed project that becomes exponentially more difficult for each added mark. Currently they are working on a 25-mark ruler, and verifying the 24-mark ruler. From the linked page: "OGR's have many applications including sensor placements for X-ray crystallography and radio astronomy. Golomb rulers can also play a significant role in combinatorics, coding theory and communications, and Dr. Golomb was one of the first to analyze them for use in these areas."

No.

[yerricde]

True, the company sponsored the contest, and asked that you try to break it, but technically speaking, couldn't they be prosecuted for it?

The DMCA's circumvention ban applies only to access control mechanisms on copyrighted works, when such mechanisms are broken without authorization. The RC5-64 encryption is not an access control mechanism on a copyrighted work.

Re:Sponsored by your local electric company...

[jgerman]

I'm not going to get drawn into an argument over why we're in a conflict with Iraq, or even whether or not we need the oil. The answer question is 0.

You've forwarded the proposition that

U.S. and Iraqi soldiers had to die to run the decryption.

Which yields the converse:

If wasn't run, no U.S. and Iraqi soldiers would have had to die.

Which is patently untrue. You're attempt at an emotional appeal as an argument was not only weak, it was stupid. You might as well have said that not turning off your lights when you're not using them causes soldiers to die.

Help out their customers !

[sh0rtie]

while seti is truly for the benefit of mankind, who is gonna really benefit from a cure to cancer, you think that cure is going to be dispensed for free ? even if the rest of the world solves the problem for them ?

while they do say they will not sell the results to drug companies , how are they going to distribute and manufacture these drugs, who will be in charge of pricing, how do you price a drug that is the cure for one of the most horrible diseases on the planet ?

the trouble i have with United devices is they call their relationships with these research groups "customers"

taken from their license agreement

Intellectual Property Rights. Member acknowledges and agrees that both the Licensed Program and any data distributed to Member's computer for processing constitute confidential and proprietary information belonging to UD and/or its customers and partners ("Customer/Partner Data"), and contain trade secrets and intellectual property protected under United States copyright and other laws, international treaty provisions and laws of other jurisdictions. Member agrees not to remove, obscure, or alter any notice of patent, copyright, trademark, trade secret or other proprietary right in the Licensed Program or Customer/Partner Data. This Agreement does not grant Member any rights in connection with any trademarks or service marks of UD or its customers and partners.

so AFAICS the data is a trade secret and of course you sign away all rights if a cure is discovered to them , remember finding the cure to cancer is akin to having a license to print money.

also

Incorporated Software. The Licensed Program may contain software from one or more third parties. Use of such third party software is subject to the terms and conditions of applicable third party license agreements, if any

meaning spyware ? who exactly am i donating my cycles to ?

maybe iam cynical i just think this project is not going to help many people except the drugs companies and those people who can afford the drugs, and you will buy them or you will die , pretty good sales incentive egh? ,

Remember the fight Africa had to get Aids drugs for cheap ?, and remember that wasnt even a cure all that drug did was treat the symptoms, so imagine how hard the people that need it most are going to fight when an actual cure is found.

ironically when a few people get anthrax attacks in the western world there is suddenly a drug available for free in massive quantities.

Sorry, while i agree that finding a cure for cancer is a good thing(TM) , this company (as in profit driven) just leaves a bad taste in my mouth, at least with the seti project no big corp is going to benefit financially from disovering there is other intelligent life out there and then hold the rest of the world to ransom with a chequebook as a release term.

Re:With apologies to Douglas Adams

[Jugalator]

No, it is: "some things are better left unread".

Actually, if you read closely, the plaintext output is:

"The unknown message is: some things are better left unread"

I admit I didn't get it at first, but if just you read closely... ;-)

Re:FINALLY.

[pben]

Internet-based Distributed Computing Projects [aspenleaf.com] has a good list of current projects. I have been waiting for Climate Prediction [climateprediction.com] to start. There have been several stories on it here before. In the mean time I have been giving spare CPU cyctes to Distributed Particle Accelerator Design [stephenbrooks.org].