
"Cracking DES" Shows How the Electronic Frontier Foundation's Machine Beat Government Encryption Standard

O'Reilly and EFF Publish Book that Proves DES is Not Secure

July 17, 1998

SEBASTOPOL, CA--At 5:10 pm on Wednesday, July 15, the Electronic Frontier Foundation (EFF) successfully cracked RSA Laboratories' DES Challenge II, which had begun 56 hours earlier. The machine that cracked the DES Challenge was built by EFF and is the first unclassified hardware for easily decrypting messages encoded with the government's 56-bit DES (Data Encryption Standard) encryption algorithm (definition below).

Technical publisher O'Reilly and Associates has joined with EFF to publish Cracking DES: Secrets of Encryption Research, Wiretap Politics, & Chip Design. Authored by EFF, the book reveals full technical details on how researchers and data-recovery engineers can build a working DES Cracker like the one that won the RSA Challenge.

"Cracking DES" provides other researchers with the necessary data to fully reproduce, validate, or improve EFF's design. It includes design specifications and board schematics, as well as full source code for the custom chip, a chip simulator, and the software that drives the system. The Data Encryption Standard withstood the test of time for twenty years. This book shows exactly how it was brought down. Every cryptographer, security designer, and student of cryptography policy should read this book to understand how the world changed as it fell.

"Cracking DES" has been published only in print because US export controls on encryption make it a crime to publish such information on the Internet, but the book is designed to be easy to scan into computers. (EFF is also sponsoring a lawsuit by Professor Daniel Bernstein to overturn the law and regulations that make Internet publication of such research results illegal. The case now rests with the Ninth Circuit Court of Appeals.)

"Cracking DES" is available at bookstores, or can be ordered from O'Reilly & Associates at http://www.oreilly.com/catalog/crackdes, 800-998-9938, or 707-829-0515.


Until now, the RSA challenges were decrypted by teams of up to 22,000 volunteers worldwide linking together over 50,000 CPUs to power through quadrillions of possible keys. With the success of the DES Cracker machine, the EFF has proven what scientists have argued for twenty years: that DES can be cracked quickly and on a low budget.

Project leader John Gilmore remarked, "If a civil liberties group can build a DES Cracker for less than $250,000, practically anyone else can too. Do any of them want to read your messages? Advances in semiconductor technology will only reduce this cost. In five years, some teenager may well build a DES Cracker as her high school science fair project."

EFF's DES Cracker machine contains several thousand custom chips and an ordinary PC. Each custom chip is a "gate array" that contains 24 identical search engines. These chips are organized on large boards, which fit into six chassis attached to the PC. Each search engine inside a chip can examine 2.5 million keys every second, testing to see if each might be the right key to unlock a DES-encoded message.

The Data Encryption Standard (DES) algorithm, adopted by the US government in 1977, is the US government's secret-key data encryption standard and is widely used around the world in a variety of applications, including banking and wide-area networking. It is a block cipher that transforms 64-bit data blocks under a 56-bit secret key, by means of permutation and substitution. It encrypts a confidential message into scrambled output under the control of the secret key. The input message is also known as "plaintext" and the resulting output message as "ciphertext". The idea is that only recipients who know the secret key can decrypt the ciphertext to obtain the original message. DES uses a 56-bit key, so there are 2^56 possible keys.

O'Reilly & Associates is recognized worldwide for its definitive books on open source software, the Internet, programming, Windows NT and UNIX. From their pioneering bestseller The Whole Internet User's Guide & Catalog (the book that introduced the Internet to the public) to GNN (the first Internet portal and commercial website) to WebSite (the first web server software for desktop PCs), O'Reilly has been at the forefront of Internet development. Building on its expertise, O'Reilly has also produced award-winning Internet software and innovative web-based courses. The company's active support of open source software (aka free software) extends beyond its publishing program. O'Reilly has taken the lead in promoting and legitimizing open source software by hosting the April, 1998 Open Source Summit and producing an annual Perl Conference.

# # #

Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design
By Electronic Frontier Foundation
1st Edition July 1998 (US)
272 pages, 1-56592-520-3, $29.95 (US$)
