U.S. bank code is cracked
June 19, 1997: 8:38 a.m. ET
Team of programmers and students breaks Data Encryption Standard
NEW YORK (CNNfn) - A determined group of computer enthusiasts has broken the code used by many banks to protect financial data.
It is thought to be the first time the Data Encryption Standard has been cracked. The 56-bit DES has been the main method employed by financial institutions since 1977 to guard important files against intrusion.
In January, RSA Data Security, Inc., a company specializing in encryption software, offered a prize of $10,000 to anyone who could break the code.
A team of university students, programmers and scientists, led by Colorado computer programmer Rocke Verser, took up the challenge. The group combined its collective computing power over the Internet.
Verser wrote encryption software that uses "brute force," essentially drawing strength from the number and power of multiple computers. He distributed his software via the Internet so others could join in the effort.
The team began its attack in February. There are more than 72 quadrillion possible keys for the DES code. The team got a break early on and needed to search just under 25 percent of those keys. The correct key was discovered on a 90MHz Pentium desktop computer with 16 megabytes of RAM.
The encrypted message read, "Strong cryptography makes the world a safer place."
Currently, the U.S. government allows the export of 56-bit encryption technology, although it has made exceptions. It is concerned that stronger code technology will be used by terrorists or other criminals.
RSA has criticized the government's stance and pushed for stronger technology exports.
"This demonstrates that a determined group using easily available desktop computers can crack DES-encrypted messages, making short 56-bit key lengths and unscaleable algorithms unacceptable as national standards for use in commercial applications," RSA President Jim Bidzos said in a statement.
The National Institute of Standards & Technology, which is responsible for the certification of DES as an official U.S. government encryption standard every five years, is due to consider extending DES certification later this year.
-- Randy Schultz