> ----------
> From: Tim May[SMTP:[EMAIL PROTECTED]]
> Reply To: Tim May
> Sent: Thursday, April 13, 2000 3:29 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Crypto and Economics
>
> At 11:33 PM -0700 4/12/00, Tim May wrote:
>
> I should have added another important link between crypto and
> economics: the awarding of prizes for breaking ciphers. Sometimes the
> prize is intangible, sometimes it's fame, sometimes it's $1000,
> sometimes it's much more. Even snake oil makers are offering prizes.
> R, S, and A offered a challenge in the late 70s, only finally broken
> several years ago (a Cypherpunks list member was on the team that
> broke/factored RSA-129).
>
>
I think the demonstrations of brute force attack on weak crypto is another
item on the (short) list of "cypherpunks" achievements. We all knew that
40 bit, and even 56 bit crypto where theoretically crackable, but outside of
the list, arguements against their use fell on deaf ears in the commercial
and legislative communities - I even remember one government report which
claimed that it was *impossible* to build a machine to brute DES - it would
melt down.
The forcing of 40 bit SSL in Netscape served as a reality check, allowing
crypto engineers to insist on including competant crypto in products, not
merely what was exportable. That effort was almost purely a product of the
list discussions, with the challanges being posted on the list.
The discussion on the list of bruting DES was a strong motivator for my
getting
RSA to put up a series of symmettric key challenges. Some of these
made significant headlines, especially when list member Ian Goldberg
cracked
the first 40 bit RC5 challenge in 3.5 hours
(http://www.zdnet.com/pcweek/news/0112/16ersa1.html),
and more recently when the EFF (home of many list members) DES cracker
together with Distributed.net bruteforced a 56 bit DES key in under 24
hours.
(distributed.net is now 23% of the way through 64 bit RC5, at a current rate
of
131 Gkeys/sec).
These events forced marketers, corporate management, and legislators to
admit that exportable crypto was junk, and move to stronger systems.
I believe the members of the cypherpunks list can claim some credit for
that.
Peter Trei
