DESCHALL Source Code Released

Source code to the key-cracking clients that won the $10,000 1997 DES Challenge is now available for download.

Implementation of Fast Key-Cracking Open to Review

SAN FRANCISCO, CA (February 6, 2007). Ten years ago, a battle raged over the future of cryptography, the technology that keeps electronic data safe from prying eyes. On one hand, private-sector cryptographers argued that a stronger standard needed to be adopted and that restrictions on the use of cryptography needed to be relaxed. On the other hand, government officials complained to Congress that greater restrictions were needed to help law enforcement police the Internet. Wiretaps, they argued, were a critical component of online law enforcement and a single message encrypted with the sitting government standard would require a $30 million supercomputer one year and eight-seven days to break—time and expense simply unavailable to the authorities.

RSA Data Security, Inc., (now RSA, the Security Division of EMC) launched a contest, offering $10,000 to the first group that could break the message encrypted with the sitting government standard. The team that came to be known as DESCHALL, led by Rocke Verser of Loveland, Colorado, won that contest, breaking the message that said, “Strong Cryptography Makes the World a Safer Place.” The project was one of the largest computations ever performed, using thousands of computers all over the U.S. and Canada; the machine that found it was not a supercomputer, but a regular 90 MHz Pentium-powered desktop computer.

Matt Curtin, a DESCHALL project coordinator supporting Verser, documented the inside story of the project in his book, Brute Force: Cracking the Data Encryption Standard (Copernicus Books, 2005). One critical component of the project, however, has been a secret for ten years: the code that powered the fast key-cracking clients. Today, the code for the classic fast clients for 486, Pentium, and Pentium Pro processors is released, along with code for the client distribution system, joining the code for the firewall-traversing gateways that was previously released.

Source code is available for download from the Interhack Research site that maintains the project history, including mailing list archives. Curtin will be signing copies of Brute Force at the conference.