On June 17, 1997, a group of friends proved that it didn’t take too much effort—or computer power—to bring down 56-bit symmetric encryption, then the U.S. Department of Commerce’s standard for security.
Since 1976, the government and financial institutions had relied on the Data Encryption Standard, or the DES, to protect sensitive information. Originally proposed by IBM as a 128-bit solution under the name “Lucifer,” DES was reduced to 56 bits by the National Institute of Standards and Technology (NIST) and declared the national standard for security on Nov. 23, 1976. And for 20-plus years, DES was fairly secure—until desktop computers became fast enough to coordinate a brute force attack that could run through the more than 72 quadrillion possible encryption keys in a 56-bit system.
DESCHALL cracks the code
Realizing that computers had reached that capacity, RSA Security Inc. issued a challenge with a prize of $10,000 to the first team that cracked the DES algorithm. The winning team—Rocke Verser, Matt Curtin and Justin Dolske—called themselves “DESCHALL” for “DES Challenge” and cracked the code using an Internet-based infrastructure. DESCHALL team members used every computer they could get their hands on to systematically try every possible key combination. In the end, they hit the correct key after testing only 25 percent of possible combinations over the course of five months.
To further prove the point that 56-bit encryption wasn’t secure, RSA issued two more DES algorithm challenges, encouraging participants to crack the code in less time than achieved in the prior challenge. Both times, the challenge was met.
In response, NIST adopted the Advanced Encryption Standard, or AES, as the global standard for security on Dec. 4, 2001. AES relies on the Rijndael algorithm, which offers 128- to 256-bit encryption keys—which means that for 128-bit security, there are there are approximately 340 undecillion possible keys. (That’s 340 followed by 36 zeros, just in case you are unfamiliar with “undecillion.”)
Photo: Sashkin / Shutterstock.