graphic
News > Technology
U.S. bank code is cracked
June 19, 1997: 8:38 a.m. ET

Team of programmers and students breaks Data Encryption Standard
graphic
graphic graphic
graphic
NEW YORK (CNNfn) - A determined group of computer enthusiasts has broken the code used by many banks to protect financial data.
     It is thought to be the first time the Data Encryption Standard has been cracked. The 56-bit DES has been the main method employed by financial institutions since 1977 as a way to guard against important files being invaded.
     In January, RSA Data Security, Inc., a company specializing in encryption software, offered a prize of $10,000 to anyone who could break the code.
     A team of university students, programmers and scientists, led by Colorado computer programmer Rocke Verser, took up the challenge. The group combined its collective computing power over the Internet.
     Verser wrote encryption software that utilizes "brute force," basically garnering strength from the numbers and power of multiple computers. He distributed his software via the Internet so others could join in the effort.
     The team began its attack in February. There are more than 72 quadrillion possible keys for the DES code. The team got a break early on and only needed to search just under 25 percent of those keys. The correct key was discovered on a 90MHz Pentium desktop computer with 16 megabytes of RAM.
     The encrypted code message was "Strong cryptography makes the world a safer place."
     Currently, the U.S. government allows the export of 56-bit encryption technology, although it has made exceptions. It is concerned that stronger code technology will be used by terrorists or other criminals.
     RSA has criticized the government's stance and pushed for stronger technology exports.
     "This demonstrates that a determined group using easily available desktop computers can crack DES-encrypted messages, making short 56-bit key lengths and unscaleable algorithms unacceptable as national standards for use in commercial applications," RSA President Jim Bidzos said in a statement.
     The National Institute of Standards & Technology, which is responsible for the certification of DES as an official U.S. government encryption standard every five years, is due to consider extending DES certification later this year.Back to top
-- Randy Schultz

  RELATED STORIES

Encryption bill nears vote - June 4, 1997

128-bit PGP export OK'd - May 29, 1997
  RELATED SITES

RSA Data Security

Note: Pages will open in a new browser window
External sites are not endorsed by CNNmoney




graphic

Contact Us Closed Captioning Manage Cookies+ Site Map

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.

Contact Us Closed Captioning Manage Cookies+ Site Map

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.