outer@utcsrgv.UUCP (Richard Outerbridge) (11/15/83)
From the TORONTO STAR, Afternoon Edition, Mon. Nov. 14th 1983, page A3. "3 Waterloo professors crack 'unbeatable' computer code" KITCHENER (CP) - Three University of Waterloo professors have cracked a computer security system developed for the United States government and considered unbeatable by U.S. experts. "Their success has raised concerns that less well-intentioned individuals may also gain access to vital computer information. ""Most banks are not using security for daily transmissions," said Ian BLAKE, one of the professors. "It's...hard for a company to know they've been robbed." "BLAKE, Ron MULLIN and Scott VANSTONE, under contract to the Canadian government, which wanted to adopt a computer security system, began working on breaking the U.S. code 18 months ago. "The security system, known as the DATA ENCRYPTION STANDARD, was developed by IBM Inc. in the 1970s. It scrambles messages at one end of a conversation between computers and unscrambles them at the other. Security lies in passwords needed to interpret a message. "The passwords, a combination of characters programmed into computers or installed on a computer chip, can be frequently changed. "So many passwords are possible that the system's creators thought it would take 1,000 years for a computer to find the right one. "The Waterloo trio learned to break the code IN AN HOUR. U.S. experts are trying to devise a system with longer passwords to outflank the professors' work." (emphasis ADDED) = 30 = Welll, if the Canadian Press has got it right - remember the article quoted a couple of weeks ago about a Galois Field PubKey being cracked at Waterloo by the same people - it looks as though the sceptics have the last laugh after all. Can anyone at Waterloo comment on these reports? Richard Outerbridge ..!utcsrgv!outer U of Toronto CSRG
leichter@yale-com.UUCP (Jerry Leichter) (11/16/83)
I can't comment on this article, but I did get hold of the previously-mentioned one about the proposed DES key-distribution technique. (For the record, it is: "Computing Logarithms in Finite Fields of Characteristic Two", by I.F. Blake, R. Fuji-Hara, R.C. Mullin, and S.A. Vanstone. I have a copy of a University of Waterloo pre-print with no identifying number or indication of where or when it will be published.) The article looks good; these people have know whereof they speak. It is, of course, possible that the Star distorted their findings - the press isn't very good at understanding what is going on in technical fields - but if they are really claiming they can break DES, I'd believe them. -- Jerry decvax!yale-comix!leichter leichter@yale
leichter@yale-com.UUCP (Jerry Leichter) (11/19/83)
utcsrgv!outer posted an article from the November 14th issue of the TORONTO STAR which claimed that a group at U of Waterloo had broken DES. One of the theory students here - Josh Cohen, to give credit where credit is due - managed to get in touch with the appropriate people at Waterloo. (They are in the Math Department, BTW.) The newspaper article was incorrect. They mistook the previously-discussed work at Waterloo that cracked a particular proposed key distribution technique to be used in conjunction with DES (based on discrete logarithms) with DES itself. A retraction was published in the next day's STAR. DES seems to be holding up against analytic attacks - so far. (There are, of course, huge arguments about whether the 56-bit keyspace is small enough to allow practical exhaustive search techniques, as proposed by Hellman several years ago.) -- Jerry decvax!yale-comix!leichter leichter@yale