By Rachel Chalmers

A planned competition will drive home the point that the US federal government’s 22-year-old Data Encryption Standard (DES) is vulnerable to decryption. RSA Data Security Inc wants the industry to understand just how insecure the venerable encryption algorithm really is. That’s why, on the morning of Monday, January 18, as the RSA ’99 cryptography conference kicks off in San Jose, the company will release the fourth in a series of DES- encrypted messages. The first team to recover the secret key and plain text of the message gets a cash prize, the size of which depends on how quickly they can get the job done. Every new contest raises the stakes. The first DES challenge was launched in January 1997, and the winning team, led by Colorado’s Rocke Verser, took a leisurely 96 days to recover the secret key. In February 1998, distributed.net cracked RSA’s DES Challenge II- 1 in 41 days. The idea behind distributed.net was to unleash the potential programming power of computers networked over the internet, but US government officials took the result out of context and used it to argue for greater controls on the export of strong encryption. If we hooked together thousands of computers and worked together for months we might, as was recently demonstrated, decrypt one message bit, FBI director Louis Freeh told Congress. That is not going to make a difference in a kidnapping case. It is not going to make a difference in a national security case. We don’t have the technology or the brute force capability to get to this information. Cryptographers were dismayed, saying that Freeh had missed the point. DES should no longer be considered highly secure, since in theory, specially-designed computers could crack encrypted messages much faster than distributed.net, however impressive an achievement distributed obviously is. In July of 1998, the Electronic Frontier Foundation (EFF) proved this point. Its purpose-built DES Cracker took only 56 hours to win RSA’s DES Challenge II-2. Freeh was proved wrong – the FBI could, after all, police DES-encrypted communications and therefore had no excuse for keeping it out of un-American hands (CI No 3,455). Another consequence of the EFF’s victory over DES was that banks, financial institutions and the government itself had to think hard about whether it is safe to continue relying on DES. As RSA Labs’ chief scientist Burt Kaliski, remarks: I think people don’t appreciate the availability of special purpose designs. The effort by distributed.net was not just about DES but was about organizing large distributed computations. They proved that you can get large numbers of users to cooperate but, as an exercise in code-breaking, it was too visible. What the EFF did was much more significant. They quietly build a machine for a modest amount of money. They’ve used it once, but they could potentially use it hundreds of times. That’s the threat to the security of DES. Alternatives to DES are already kicking around, most notably in the shape of the Advanced Encryption Standard (AES), which the National Institute of Standards and Technology is in the process of winnowing down from a field of fifteen proposed algorithms. There’s a conference in March that will review the 15 candidates and narrow that to five, says Kaliski. I don’t know how you get from five to one! By the time NIST makes its selection, it may be too late, he warns. I would advise banks and financial institutions to use alternatives to DES before AES, he says. It’s useful as a pure engineering exercise. People should look at what it takes to change to another algorithm. I compare it to the Y2K problem. He offers RSA’s Triple DES as a good interim solution. Everyone knows what it is, he says. It just costs three times as much as DES – but if you can afford it, why not? Another alternative is called DES X, and costs only slightly more than DES while adding significantly to security. With the DES algorithm likely to fall again during the industry’s most important conference, it is important to remember that there is life after DES.