MIT Computers Compete To Crack DES EncryptionBy Frank Dabek
Associate News Editor
Students and faculty at MIT are becoming increasingly active in an Internet-wide effort to break the 56-bit Data Encryption Standard algorithm, an encryption method commonly used by the government and the private sector to protect sensitive information. RSA Laboratories is offering $10,000 to the first person who obtains the correct key.
MIT computers are working with computers from hundreds of other universities and businesses across the nation in several brute-force attempts to crack the encryption system, which was created by RSA. The networks of computers are trying each of the 72,057,594,037,927,936 possible keys to find a match.
An informal rivalry has also developed, as different universities attempt to determine who can test the most keys each day.
As of Sunday, 226 machines in the mit.edu domain were contributing to one effort, organized by Rocke Verser at http://www.frii.com/~rcv/deschall.htm, to link machines over the Internet. Verser has agreed to share $4,000 of the $10,000 prize to the individual whose machine finds the actual key.
MIT machines tested over 6 million million keys Sunday, putting it in fifth place behind the University of Illinois at Urbana-Champaign, Oregon State University, Pennsylvania State University, and Carnegie-Mellon University. MIT peaked at third place last week.
At the current rate at which keys are being checked, it is estimated that the code will be broken in approximately 27 weeks. However, because the number of machines participating has been growing rapidly - doubling every eight to 11 days - the key may be found much sooner.
Athena resources may be used
James M. Kretchmar '99, chairman of theStudent Information Processing Board, said that SIPB was "thinking about installing a client" to allow students to run the client while they were logged in if they wished.
"We can't automatically run the client on workstations," he said. "We're not IS." In addition, "[users] should get full resources" of the Athena workstation they are using while running a DES challenge client.
Kretchmar said that SIPB had not resolved which effort to join. Verser's effort is only one of several plans to break the key. SIPB is looking at an effort based on an algorithm developed at MIT, Kretchmar said.
Since finding the key will result in a monetary gain, questions arise as to whether participating in this contest violates Athena rules of use. "The Internet is available for student use," said Karen Hersey, intellectual property counsel for IS. However, students are "not supposed to be conducting commerce" using the Internet.
It is "probably questionable" whether the effort would be considered a commercial effort since it has "educational value," Hersey said. But if the effort became a nuisance by overloading resources, IS might step in to stem its growth, she said.