The Fall of the Data Encryption Standard

Interhack founder Matt Curtin will discuss with the Central Ohio Chapter of ISACA Brute Force, his first-hand account behind the undoing of the Data Encryption Standard.

Speaking before the Central Ohio Chapter of the Information Systems Audit and Control Association (ISACA) on November 10, Interhack founder Matt Curtin will discuss his latest book, Brute Force: Cracking the Data Encryption Standard.

For twenty years, the Data Encryption Standard (DES) was the workhorse of protecting electronic information. Criticized for years as too weak for even commercial use, DES became the focus of cryptographers the world over when RSA Data Security, Inc., (now known as RSA Security) offered a prize of $10,000 to the first individual or team to break a message that it encrypted with DES—a sitting U.S. Government standard in 1997. Cryptography was hotly debated in Congress during the summer, some arguing in favor of greater restrictions and others arguing for the elimination of government control.

In June 1997, a group of volunteers coordinated by Loveland, Colorado programmer Rocke Verser with support from Ohio State graduate student Justin Dolske and Matt Curtin demonstrated the system's weakness by breaking RSA's test message—literally changing the debate in Congress overnight.

Today, cryptography is largely free from government restriction, DES has been retired as a government standard, and organizations of all sizes are free to use strong cryptography to protect themselves and their customers.

About Brute Force

Brute Force is Curtin's first-hand account from the front lines of the Crypto Wars, covering technology, policy, and the sociology of the Internet as an emerging mechanism to organize thousands of volunteers with a single purpose.

With a Foreword by John Gilmore of the Electronic Frontier Foundation, Brute Force tells an important story about technology and its impact on the lives of ordinary people living in an increasingly digital world.


ISACA is a global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide. Its research pinpoints professional issues challenging its constituents. Its Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 40,000 professionals since inception. Its new Certified Information Security Manager (CISM) certification uniquely targets the information security management audience. It publishes a leading technical journal in the information control field, the Information Systems Control Journal. It hosts a series of international conferences focusing on both technical and managerial topics pertinent to the IS assurance, control, security and IT governance professions. Together, ISACA and its affiliated IT Governance Institute lead the information technology control community and serve its practitioners by providing the elements needed by IT professionals in an ever-changing worldwide environment.

About Interhack

Interhack is a provider of information assurance, forensic computing, and other advanced computing services based in Columbus Ohio. With clients all over North America, Interhack helps companies of all sizes understand how information security can best work for them, balancing utility and risk. Interhack can be found on the web at

# # #