a race to get the story together and to get it out quicklyā”and that
would mean less time for checking facts.
āStrong Cryptography Makes the World a Safer Placeā 261
About an hour after the phone call with me, Verser had working
drafts of the announcement for the mailing lists, the press release, and
a data sheet with details of the facts of the project, intended to help
reporters get the information they needed to get their stories together.
RSA Data Security contacted Verser and worked with us to coordinate
our press release with theirs.
Later in the day, when everything was in order, and the world was
ready to know that it was a safer place because of cryptography, RSA
and DESCHALL press releases were issued at the same time, and Verser
proudly posted the message he had drafted earlier.
In an article entitled āWE FOUND IT!ā Verser wrote to the DES-
CHALL mailing list:
āStrong cryptography makes the world a safer place.ā
Thatā™s the message RSA has been waiting for us to decipher.
And we did it!
The correct key (8558891AB0C851B6) was reported to RSA
Data Security shortly before midnight last night (Mountain
Time). RSAā™s automated server acknowledged our win!
The winning computer is a Pentium 90 MHz, operated by
iNetZ Corporation of Salt Lake City, Utah. Their employee,
Michael K. Sanders, was the individual who was running the
Congratulations, Michael. And congratulations to all who
After acknowledging many individuals, he graciously turned to āour
only public ā˜competitor,ā™ SolNET,ā which he called āa class outļ¬t.ā
In a sense, the āwinā belongs to all of us, who contributed CPU
cycles and clients and ideas and innovations. We searched less
than 1 of the keyspace. Worldwide, over half of the keyspace was
searched. A DESCHALL client may have found ātheā key, but
you [SolNET] deserve credit for helping to bring the āexpected
date of completionā signiļ¬cantly ahead.
Your Web site gave us a goal to shoot for. A goal which we
never met. Your clients had many features our users wished for.
There is no shame in not ļ¬nding the key. But I know the anguish
you must feel after putting your hearts and souls into a project
for three to four months and not being ātheā winner.
262 CHAPTER 38
In my eyes, everyone who participated, whether working for
the DESCHALL team or the SolNET team is a winner!
Elation followed on the DESCHALL mailing list, with congratula-
tions and thanks ļ¬‚owing in from all around. Across the Atlantic, Sol-
NET coordinator Lindgren Fredrik sent an announcement of his own
to the SolNET mailing list. He wrote:
The challenge is over . . .
. . . and we ālost.ā On June 17 around midnight one of
our competitors, DESCHALL, found the secret key and de-
crypted the secret text prepared by RSA Data Security Inc
The goal of the DES Challenge was to show that DES en-
cryption could be cracked, and that better encryption is needed
to keep data safe. In my opinion this goal has been accomplished.
Although itā™s not that fun being a runner up, I must say that
it has been an enjoyable couple of months running this eļ¬ort. As
much as it been a goal to show the weaknesses of 56-bit crypto,
itā™s been very nice to be able to show the enormous amount
of āsurplusā computing power that is available on the Internet.
Not to mention the warm and fuzzy feeling it gives me to think
of everybody thatā™s been working together towards the common
goal of answering the challenge.
The SolNET DES Team would like to thank everybody who
has been participating and sharing their spare computing re-
sources in our project. Without you none of this would have
Lindgren extended his thanks to many who contributed their re-
sources and talents to run SolNETā™s keyservers, work on clients, and
otherwise keep their eļ¬ort running. He then pointed out the opportu-
nities for additional work to be done, on the 56-bit RC5 Bovine eļ¬ort,
as well as the Great Internet Mersenne Prime Search.
Wednesday, June 18, 7:44 P.M.
The Ohio State University, Columbus, Ohio
Now it was time for the media to pick up the story and to weigh in. Late
on Wednesday, June 18, Dolske was one of the ļ¬rst to be contacted, and
answered questions for someone from āthe Internet video show State of
āStrong Cryptography Makes the World a Safer Placeā 263
the Net.ā None of the coordinators had heard the program before, and
we had no idea of its audience size. Dolske wasnā™t even sure that he
was talking to a reporter, but the person with the questions was clearly
interested in what had happened, so Dolske answered his questions.
After the conversation, he checked a search engine for āState of the
Net,ā but couldnā™t ļ¬nd anything. Given the proliferation of ācybercul-
tureā shows on television, electronic magazines, and streaming video,
one could never really be sure. But it was someone interested, and it
just might have been some of the ļ¬rst press the key-breaking received.
Verser meanwhile had spoken with reporters from Channel 2 in Salt
Lake City, ZDNet, MSNBC, and the Chronicle of Higher Education.
Obviously, the press releases were having their eļ¬ect and the stories
were being written. Some of these articles also included parts of inter-
views with Mike Sanders, whose machine found the key, and RSA Data
RSA Data Security Inc., issued a press release of its own, at the same
time as ours. In that release, RSA president Jim Bizdos was quoted,
tying together the debate before Congress and the DES Challenge.
RSA congratulates the DESCHALL team for their achievement
in cracking the 56-bit DES message,ā said Jim Bidzos, presi-
dent of RSA. āThis demonstrates that a determined group us-
ing easily available desktop computers can crack DES-encrypted
messages, making short 56-bit key lengths and unscaleable algo-
rithms unacceptable as national standards for use in commercial
āThis event dramatically highlights the fatal ļ¬‚aws in the
most recent administration proposal, Bill S.909, ā˜The Secure
Public Networks Act of 1997,ā™ introduced by Senator John Mc-
Cain (R-AZ) and Senator Bob Kerrey (D-NE). This bill, if
passed, would severely hamper U.S. industry by limiting export
to the 56-bit DES standard.ā
We would discover that yet another press release had been issued,
without our knowledge, much less coordination. Sameer Parekh, an en-
terprising user of cryptography ran a company he started called C2Net
Software, Inc. to bring products with strong cryptography to the mar-
kets. Never one to miss a media opportunity, Parekh sprang into ac-
tion upon seeing that the DES Challenge had been won. Quickly he
placed a call to iNetZ Corporation, where the 90 MHz Pentium ma-
chine run by Michael Sanders had found the right key. He got Jon Gay,
264 CHAPTER 38
a vice president at iNetZ to agree to a quote, wherein he hoped that
the demonstration would cause users to demand strong cryptography
in their productsā”āsuch as the 128-bit security provided by C2Netā™s
Stronghold product, rather than the weak 56-bit ciphers used in many
Parekh also got a quote from the respected cryptographer Ian Gold-
berg, recently of 40-bit Challenge fame. Goldbergā™s remark, āThis ef-
fort emphasizes that security systems based on 56-bit DES or ā˜export-
qualityā™ cryptography are out-of-date, and should be phased out,ā was
buried in an alarmist press release entitled, āHackers Smash U.S. Gov-
ernment Encryption Standard.ā C2Netā™s press release failed to cite any-
thing authoritative from either RSA or the DESCHALL coordinators,
pointing instead to its own Web site that gave no additional informa-
tion on the contest. The C2Net statement was entirely devoid of useful
content about RSAā™s DES Challenge or the project that answered it;
its entire purpose was to use DESCHALLā™s win as a platform from
which to tell the world, in Parekhā™s words, āWe refuse to sell weak
products that might provide a false sense of security.ā Members of the
press who saw Parekhā™s blatantly opportunistic commercial received it
with some skepticism, some of which would unfortunately carry over
into reporting into the facts of the DES Challenge.
DESCHALL coordinators granted many interviews that day, un-
aware of the C2Net press release. Had we known about the C2Net re-
lease, we could have taken the opportunity to put the matter into more
balanced perspective than to suggest that the standard itself had been
broken by āhackers.ā Reportersā™ deadlines ļ¬nally came and the calls
died down as the articles started to get written. As the reports started
to make their way around the world, DESCHALLā™s coordinators got
some well-deserved rest.
Thursday, June 19, 8:02 A.M.
Megasoft Online, Freehold, New Jersey
I was pleased to see the Wall Street Journal article on DESCHALL. A
well-written article by Don Clark covered the contest and its impact,
stuck to the story, and remained technically accurate. Many other re-
porters called on Thursday, following up with their own stories after
seeing the early coverage of the news.
āStrong Cryptography Makes the World a Safer Placeā 265
On Friday, the largest wave of media coverage came, and as DES-
CHALL participants saw the coverage, they posted their observations
on the articles to the DESCHALL mailing list. Nelson Minar at MIT
noted that the CNN article covering our work was subtitled, āBut it
took four months.ā Most media coverage had roughly the same ļ¬‚avor.
MSNBCā™s article managed to botch the story pretty badly, going so
far as to assert that the entire keyspace had been tested as opposed
to the one-quarter of the keyspace that actually had been tested. The
Money Daily article carried the basic premise that our success was
alarming, but readers didnā™t need to tear up their ATM card right
DESCHALL project did manage to get the attention of the main-
stream media at a critical momentā”as the capability to break messages
encrypted with the standard came into the hands of even modestly
funded groups of people and as the future of public policy was being
debated. The success of the RSA DES Challenge would ultimately come
not from what the media would say immediately, but whether we suc-
ceeded in ākilling single DES,ā as Peter Trei wrote to the Cypherpunks
on October 1, 1996.
Cracking a message encrypted with DES was a watershed event in
the history of cryptography because we, private-sector cryptographers,
participated in a large-scale demonstration of distributed computing
to make our point. We knew that DES, the sitting standard for data
encryption for twenty years, was vulnerable to brute-force attacks. We
knew that ļ¬nding a key wouldnā™t require a thirty-million dollar super-
computer and more than a yearā™s time. So we quit estimating what it
would take and just did it.
The contest wasnā™t just about cryptography in 1997. Cryptographyā™s
future was also at stake: we knew that long-term public policy was being
debated by lawmakers in Washington under the inļ¬‚uence of information
speciļ¬cally released to support the Clinton administrationā™s legislative
We knew that the data encryption standard needed to be replaced,
but no one would listen to us when we presented them with calculations.
People would not listen unless we actually broke a message encrypted
with the same system that was protecting sensitive information like
their ļ¬nancial and medical records. So thatā™s what we did. And then
the world wanted to hear all about it and what to do about it.
Thursday, June 19
Gundaker Realtors, St. Louis, Missouri
Systems and security administrator Stuart Stock, who wrote the āDES-
CHALL Linux Bootdisk Mini-HOWTO,ā had been a participant for
most of the projectā™s duration. His eļ¬orts, and those of many peo-
ple like him, got the project access to many computing cyclesā”easily
268 CHAPTER 39
twelve hours daily and two whole days weeklyā”that would have been
Concerned that management might not have sanctioned the eļ¬ort,
Stock requested that his contribution be identiļ¬ed as an āanonymousā
site in our statistical reportingā”a request which we happily granted.
On the morning of June 19, Stock found himself answering some
questions from the head of the company, who had seen the article in
the morningā™s copy of The Wall Street Journal entitled āGroup Cracks
Financial-Data Encryption Code.ā The article got the head of the com-
pany thinking about the importance of strong cryptography in ensuring
the safety of ļ¬nancial transactions and electronic communications.
Feeling more conļ¬dent that he was making a connection and getting
a sympathetic audience, Stock revealed to his boss that their company
had been involved in the eļ¬ort, ļ¬nishing twenty-fourth in terms of
contributed processing power.
After learning that Stockā™s method of contributing processing power
had not interfered with business operations in any way, his boss relaxed.
Stock was satisļ¬ed with his contribution. The head of his company
simply had no idea that cryptography was something he needed to
consider. Like many people, he just assumed that things were āsafe.ā
Thanks to our project and the subsequent publicity, he was asking
good questions and even being shown how to protect himself with Phil
Zimmermanā™s Pretty Good Privacy cryptography software.
Since its beginning, Netscape had produced two versions of its soft-
ware: one for domestic U.S. use and one for international use. The
international use products were limited to 40-bit key strength, while
the domestic versions used 128 bits.
On June 24, less than a week after our success in the DESCHALL
project, Netscape ļ¬nally was able to release its products with strong
cryptography for export to the outside world with the permission of the
U.S. Department of Commerce. Instead of having to ļ¬ll out an online
aļ¬davit and go through veriļ¬cation that your system was based in the
United States, users from all over the world could simply download the
strong-cryptography version of the Netscape browser.
In addition, Netscape banking customers overseas could buy Net-