. 36
( 41 .)


chines were at a serious disadvan- 440
tage (using only a few optimiza-
Jun 15
Jun 14
Jun 13
Jun 12
Jun 11
Jun 10
Jun 09

tion techniques, showing mild
performance gains) by compar-
Fig. 11. DESCHALL Keys Tested Per
ison to the PC users who had Day (in Trillions), June 9“15
highly optimized clients. (Since
the smaller computers are much
more common, performance gains made there would have a greater im-
pact, so starting with the most common systems made the most sense.
At the time that Verser was writing his fast DES routines, optimization
methods for 64-bit systems like bitslicing had not yet been published.)
The tables were now tipping heavily in the other direction: the more
sophisticated machines were ¬nally getting the clients that would take
advantage of their capabilities.
Duct Tape 253

A look over the top site rankings and the performance per platform
readily showed this to anyone who even glanced at those statistics.
As part of the fallout for that weekend™s activity, people were once
again asking whether people who were contributing relatively small
amounts of processing power were going to drop out, with the likes
of Sun, Carnegie Mellon University, and others putting extremely fast
hardware with heavily optimized clients on the job.
After hashing out the issue once again, the conclusion was the same
as it had always been: until such a point where we have so many clients
that we are inhibiting the keyserver™s ability to respond, each client
While the debate about the importance of small contributors contin-
ued on the DESCHALL mailing list, Verser composed a private message
to several of us who had been discussing the issue on the list.
Addressing the issue of morale among the participants, Verser wrote
that one week earlier, we had considered reporting how much of the to-
tal computational power each domain was contributing. In the end,
though, we decided against it, because the statistics could easily be
calculated by interested participants. Verser and others were also con-
cerned that smaller organizations might give up, ¬guring that they were
contributing “nothing” in the face of the horsepower that the likes of
Sun Microsystems were throwing at the project.
Verser noted that daily statistics showed that roughly forty percent
of the work was being done by small domains”those contributing less
than one percent of the total processing power. Another ten percent
was being done by even smaller domains”those contributing less than
one-half percent of the total.
Having seen numerous universities and companies learn of DES-
CHALL and organize themselves to run the client software time and
again, Verser wrote, “The nature of this project is that a given [or-
ganization] tends to rise rapidly to a peak, as the organization rapidly
mobilizes most of their available computing power; and then (compared
to others) the organization gradually declines.” No matter how big an
organization is, there™s always one bigger, and no site can continue to
double the work it was contributing every week, every other week, or
even every month, as had been happening with the big campuses lately.
There was another reason for the smaller domains to continue par-
ticipating. Ironically, as the “big ¬sh” continued to join the project and
to contribute more processing power, the odds of a “little ¬sh” ¬nding
254 CHAPTER 36

the key were actually increasing”on the basis of likelihood per pro-
cessing cycle expended. At the beginning of the project, the chances
of each key being tested was roughly one in 72 quadrillion (that™s 72
thousand billion). By mid-June, the chances had improved to one in
55 quadrillion. As more keys got eliminated from the list of possible
matches, the odds continued to improve”eventually reaching a one in
one chance in the unlikely event that the correct key was the very last
key scheduled to be tested.
Verser concluded that he was grateful for all contributions”each
helped to bring the “expected date of completion” from some 200 years
down to thirty-six days.

Tuesday, June 17, 8:29 P.M.
North¬eld, Massachusetts

Seth D. Schoen was participating in DESCHALL in his senior year
at North¬eld Mount Hermon, a college-preparatory boarding school.
After graduating earlier that month, he was able to spend more time on
DESCHALL and began to think about the milestone that the project
was rapidly approaching.
Because of working tirelessly week after week, we were going to cross
the threshold of twenty-¬ve percent of the total keyspace being tested
in the next day or two.
Thinking that it had been a while since our last press release, or
at least seeing the opportunity for a party, Schoen posted to the DES-
CHALL mailing list, asking “Is anybody planning either a party or a
press release for the forthcoming twenty-¬ve percent of keyspace com-
After articulating a few di¬erent angles that we could use in a press
release to recruit more participants, Schoen concluded with, “If AP
[Associated Press] picked up on DESCHALL . . . I think the keyrate
could get a pretty nice boost.” It was a nice thought, and indeed ev-
ery major news organization around the world would soon report on
Showdown in the Senate

Tuesday, June 17
Capitol Hill, Washington, D.C.

The Secure Public Networks Act of 1997 was o¬cially introduced by
its sponsors, John McCain and Bob Kerrey in the Senate Commerce
Committee. O¬ered as a compromise on the contentious cryptography
policy issue, the bill had a striking resemblance to the draft legisla-
tion that the Clinton administration proposed in March”essentially
requiring government access to keys used to encrypt data.
The other major cryptography legislation in the Senate”in many
ways the opposite of the McCain-Kerrey bill (and the Clinton admin-
istration™s proposals)”was the the Promotion of Commerce Online in
the Digital Era, or Pro-CODE, Act, which was sponsored by Sena-
tors Conrad Burns and Patrick Leahy. Like the SAFE Act making its
way through the House, Pro-CODE was intended to reform encryption
policy, acknowledging that cryptography was already widely available,
and allowing U.S. companies to participate in these international mar-
kets that were already being served by foreign competitors. The Senate
Commerce Committee, chaired by Senator McCain, was set to vote on
the Pro-CODE bill on Thursday, June 19.
The McCain-Kerrey bill tried to keep cryptography from being used
by criminals against law enforcement o¬cials but in reality did nothing
to protect the privacy of Internet users or the security of their electronic
transactions. In fact, it would require U.S. citizens to use key recovery
systems approved by the federal government, require electronic com-
merce transactions to be conducted with government-approved key-

256 CHAPTER 37

recovery systems, allow the federal government access the keys needed
to read encrypted messages without a court order, create new criminal
penalties for people who used cryptography that was not on the gov-
ernment™s list of approved systems, and codify the 56-bit key as the
limit on products for export. All of this was proposed in the name of
preventing criminals from using cryptography that could prevent gov-
ernment investigators from discovering and prosecuting them. Arguing
that to allow strong cryptography is to be soft on crime makes for a
tempting sound bite for political purposes, but hardly makes sense.
Imagine seeing legislation proposed that requires citizens to leave the
doors to their homes unlocked or to give a copy of their keys to the
federal government, all for the purpose of making ¬ghting crime easier.
The notion is absurd.

Tuesday, June 17
Center for Democracy and Technology, Washington, D.C.

As soon as the text of the McCain-Kerrey bill was available, two
Washington computer privacy advocacy groups went into action. The
two groups”the Center for Democracy and Technology and Voters
Telecommunications Watch”issued a press release and posted a call
for action in the Crypto-News newsletter. The release characterized
the new McCain-Kerrey bill as a false compromise which would do
“nothing to protect the privacy and security of Internet users.”
Instead, the new bill represented, the alert cautioned readers, “a full
scale assault on your right to protect the privacy and con¬dentiality of
your online communications.”
In its description of the status of the situation, Crypto-News said:

On Thursday, June 19, the Senate Commerce Committee is
scheduled to hold a vote on S. 377, the Promotion of Com-
merce Online in the Digital Era (Pro-CODE) Act”an Internet-
friendly encryption reform bill sponsored by Senators Burns (R-
MT) and Leahy (D-VT).
Senator McCain, the Commerce Committee Chairman, is
expected to try and substitute his proposal for Pro-CODE”
gutting the proposal and inserting provisions which would all
but mandate guaranteed government access to your private com-
Showdown in the Senate 257

Please take a few moments to help protect your privacy and
security in the Information Age by following the simple instruc-
tions below.

Following this call to action came a list of Senate Commerce Com-
mittee members. Readers were asked to call their senators, if they were
on the list, and urge them to oppose the McCain-Kerrey bill. Read-
ers whose senators were not on the list could go to a Web site and
“Adopt a Legislator””which would entail signing up to get targeted
alerts whenever the adopted legislator would be nearing a vote on some
Internet-related issue.
The people watching the legislative front of the Crypto Wars weren™t
the only ones were were foregoing sleep in the early hours of June 18,
“Strong Cryptography Makes the World a
Safer Place”

Tuesday, June 17, 11:51 P.M.
Loveland, Colorado

A message contained in a UDP datagram made its way across the Inter-
net at the speed of light. Originating in Salt Lake City, the datagram
travelled up from a small local area network, to be handed o¬ to a
larger, wide-area network. Racing eastward, the datagram arrived in
Loveland, Colorado at the DESCHALL key server.
The DESCHALL key server issued a message of its own to RSA™s au-
tomated contest server, which almost immediately acknowledge our vic-
tory. Rocke Verser felt a jolt of excitement shoot through his body when
he saw the “Key Found!” message ¬‚ash across his computer screen.
Verser quickly wrote a message to DESCHALL coordinators and
sent it on its way, encrypted with PGP, as was standard practice when
writing about project details that were not yet public.

Wednesday, June 18, 2:12 A.M.
The Ohio State University, Columbus, Ohio

When Justin Dolske got the good news, he was ecstatic. As his moti-
vation was to demonstrate the weakness of 56-bit keys, he would have
been happy to hear that the key had been found by anyone, but being
on the winning team made the victory all the more sweet.
Dolske laid out the steps necessary to notify the DESCHALL and
SolNET mailing lists and to issue a press release. Leaving the message

260 CHAPTER 38

for the mailing lists to Verser, Dolske went straight to work on the
draft of the o¬cial press release. His ¬rst draft would be circulated to
DESCHALL coordinators at 2:56 A.M.

Wednesday, 8:04 A.M.
Megasoft Online, Freehold, New Jersey

I was spending the early part of the week in Freehold with the rest of
my company™s software development team. While I had been working
in my hotel room into the wee hours of the morning, I was doing so
completely without Internet connectivity and I had not checked my
voice mail throughout the night.
When I arrived at the o¬ce on Wednesday morning, the receptionist
handed me a handwritten message scrawled onto a torn-o¬ piece of
“greenbar” data processing paper.
The message was simple. “Call Rocke Verser. ˜We found it!™ ”
I promptly sounded my “barbaric yawp” in the ¬ne tradition of
Walt Whitman and ran up the stairs and through the hallway leading
to the software development o¬ces. Finding a phone, I dialed Verser™s
number and waited for him to answer.
Rocke Verser had spent the entire night drafting the notices for
the project participants, looking over drafts of the press release, and
ensuring that the news was ready to be released to the world. Normally,
this would be about the time that he™d be trying to catch a few hours™
sleep, but that wasn™t likely to happen today.
After a few congratulatory remarks, I put down the phone and got
to work. We™d made history, and it was time for the world to know.
Coordination was critical to getting the story out right, because we
needed to explain the project and its signi¬cance in a way that would
make sense to readers and reporters who did not have a background
in cryptography. The stories that we had seen so far were not partic-
ularly urgent in nature”mostly they had been local interest stories,
where someone from the publication™s readership was participating in
a large-scale Internet-coordinated project. That kind of thing could be
published any day of the week, and so any extra time needed to work


. 36
( 41 .)