ECC2-109 Winners Certified

An anonymous reader writes "The ECC2-109 encryption challenge has now been broken and certified! Certicom announced on Tuesday that the winners, a team from Ars Technica and a member of TeamIMO, will both receive $2500 each for the matching distinguished pairs that has solved the elliptical curve encryption scheme."

Why the challenge?

[kentsin]

Just one crack is enough? Or shall we wait for better crack? To find if the method have weakness, we should open for more easy crack forever.

The current scheme does not encourage a better crack. Or expose the method for fully tested.

It will be very dangerous if the I.T. security is based on such a weak test system. Especially when many policy maker buy these security protection without aware of full picture.

In the real world, people grant trust based on the information they got from the media, the more mentation these on the news, the more they will trust a system. It is extreamly danger. Especially when digital security is going mainstream.

Re:How to get the prize money up...

[syousef]

Nahhhh.

Have you watched any reality TV? It may be reality but its reality for stupid people.

Anything intellectual means immediate ellimination. Dumb as a brick eye-candy stays and rates highly. Hypocrisy, backstabbing, lack of general knowledge and an overinflated ego equate to bonus points.

Pretty + dumb + egotistical + hypocrit + backstabbing = "reality"

Re:bah

[Grant29]

I'll take it any day.. What's my loss? My computer's always on, so I guess I'm burning some electricity and lost CPU cycles. But it's probably cheaper than the lottery and I'm sure it's got about the same odds. At least you are donating something towards research. In the end, the contest host always wins, but it's a way for the USA to advance our tech research.

--
Retail Retreat [retailretreat.com]

That's a lot of processing

[haxeh]

Now let's run the same test, but instead of attacking the algorithm, let's see how many hours it takes to social engineer the key :)

Brute force

[Anonymous Coward]

Is it just me, or is there no real point to these encryption challenges? Brute forcing one particular key doesn't help you attack the encryption algorithim in general, and we can already calculate about how long it will take to crack with current processors. Other than the prize money, there is no reason to participate (except maybe for bragging rights, but finding an algorithmic flaw would get you so much more). Perhaps the prize money and CPU time might be better spent searching for a cure for cancer? I know there's a distributed computing project out there that does just that (no link right now, I'm lazy), and this *is* a case where the computers are just as good at calculating numbers for cracking encryption as calculating numbers for saving lives.

Re:How to get the prize money up...

[Anonymous Coward]

Wow, what is it that you have against reality tv that makes you so jaded? Did your entry tape miss the deadline? Or are you just THAT upset about not being picked to play a game for a million dollars that you think you could win?
Want to talk about "reality"? Well, in "reality" your pasty white ass wouldn't be able to outrun the oldest female on the show and you'd look like the complete uber-nerd while being voted off the first show. All you would do is complain about how the show is not what it's cracked up to be behind the scenes, but your complaining would be drowned out by the boo's you'd recieve for being such an idiot to think otherwise in the first place.

I enjoy some of what reality tv has to offer because I find it to be as entertaining as any other tv show that's on. Do I really care if what I'm watching is real or not? no. Don't bash my survivor just cause you think it will make you popular in your own fucked up view of reality.

So STFU, the tribe has spoken.

You can do better stuff with CPU time!

[enosys]

Trying to crack encryption with brute force is so pointless. I don't think it actually accomplishes anything useful. The length of time and amount of resources that are needed can be understood theoretically, without any need for running the experiment. The real threat to an encryption scheme is from new much faster methods cracking methods and these sorts of contests don't seem to encourage that; it's mostly about brute forcing it.

More importantly there are more useful distributed computing projects. Here is a pretty good index [aspenleaf.com]. For example there's Folding@Home [stanford.edu] which furthers our onderstanding of proteins, which are so important in so many life processes and diseases, and fightAIDS@home [scripps.edu] which has already found a promising new drug [aspenleaf.com]. Or how about SETI@home [berkeley.edu]? Trying to crack encryption by brute force seems like such a waste in comparison to these.

Perhaps the encryption contests are so popular just because you can win money. It's like a lottery. Maybe the only thing that could be done would be to have a cash prize for significant findings in other projects, or if who did it can't be defined due to the nature of the algorithm, maybe even just an ordinary lottery?

It serves a couple of purposes

[Sycraft-fu]

1) It gives you a real world baseline of what kind of current power it takes to break your keys. You can then make some educated projections about what kind of security these keys will offer in the future. Computing power has and continues to grow at a fairly predictable rate. Thus you can infer how long a specific level of key will take to crack at a given point in the future, assuming no new mathematical or processing systems. Which leads us to

2) It encourages people to try novel types of attacks. Yes, there are those that are just doing a brute attempte and they are there fore reason #1. However there are those that will try to come up with new algorithms, new hardware, or a combination, to defeat your encryption and prove it weak. This is what it's all about. You don't prove encryption strong, you continually prove that it's not weak, lending creedence to the theory that it is strong.

Is this what /. has become?

[futant138]

It would appear that the technical/geek community on /. has little to say to articles like this. However, to the silliest shit posted get's incredible feedback. Most of it moderated funny. I come here everyday and I'm not sure why.

Re:How to get the prize money up...Reality TV?

[Anonymous Coward]

- Donald Trump per episode (first season) 'The Apprentice' $50,000.00
- Donald Trump per episode (next season) 'The Apprentice' $215,000.00
- Britney Spears reality show per episode $1,000,000.00
- Exercises in F2m elliptic curve discrete log computation intended to probe the limits of a particular cryptography system $2,500

Need we say more?

Re:How to get the prize money up...

[HoppQ]

Anything intellectual means immediate ellimination. Dumb as a brick eye-candy stays and rates highly. Hypocrisy, backstabbing, lack of general knowledge and an overinflated ego equate to bonus points.

I think my work place must be a reality show.

You were joking (well, modded funny at least), but my university Swedish teacher said that the reality shows (well, he was talking about the Swedish Expedition Robinson) are interesting because they depict how society in general works: the very best and very worst are the first ones to go (voted out).