Programmers Crack Encryption Code--in 4 Months
Thousands of computer users broke a government-endorsed code that protects electronic money transfers, but experts say financial institutions are hardly at risk since it took four months.
The group, organized by programmer Rocke Verser, read a message that had been scrambled using a code known as the Data Encryption Standard, which was considered almost unbreakable when introduced in 1977. It is required in most federal agencies but not the military, and is also widely used in the private sector.
Critical information in computers is protected by DES and other encryption programs that use very large numbers to scramble information. Only the correct “key” can unlock the encrypted information. The longer the key, the harder it is to crack.
Most financial institutes use what it known as dynamic key exchange, which changes the keys almost constantly during a transaction. Taking months to crack the code wouldn’t do thieves much good, experts say.
Verser and his group were responding to a $10,000 challenge offered in January by RSA Data Security Inc., a Redwood City, Calif.-based company that sells encryption programs.
The code was finally broken Tuesday, revealing the message, “Strong cryptography makes the world a safer place.”
The code-cracking doesn’t have much practical uses, but it’s a harbinger of things to come, said David Weisman, director of money and technology strategies for Cambridge, Mass.-based Forrester Research.
“It’s not something to cause a panic. But people have known that as computing power increases, key lengths have to increase,” he said.
The incident is likely to prompt more calls for relaxing U.S. laws that restrict the export of longer codes.
The actual attack on the code was quite simple. Verser wrote a program that ran through every possible combination that might unlock the coded message--72 quadrillion of them in all.
Then he put a copy of the program on his Web site and invited others to work on cracking it. Anyone could download the program, which would then run in the background as they went about their work.
The project began with 20 computers and ended with 14,000 working on the problem. All told, they used 10 million hours of computer time. Had they started with 14,000 computers it would have taken about 30 days, Verser said from his Loveland, Colo., home.
