From: William Knowles (wkC4I.ORG)
Date: Mon May 01 2000 - 15:54:42 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Forwarded by: Berislav Kucan [BHZ]" <bhznet-security.org>]

Record encryption puzzle cracked -- finally

The broken encryption method is widely expected to secure
next-generation wireless devices. But is the break such bad news?

By Robert Lemos, ZDNet News
UPDATED April 13, 2000 3:57 PM PT

An encryption method widely expected to secure next-generation
wireless phones and other devices succumbed to a brute-force
collaborative effort to break it, announced a French research agency
on Thursday. An international team of researchers -- led by crypto
researcher Robert Harley of the French National Institute for Research
in Computer Science and Control, or INRIA -- and other computer
enthusiasts found the 108-bit key to a scrambled message after four
months of number crunching by 9,500 computers worldwide.

"It's the largest collaborative effort yet," said Rohit Khare,
president of security research group 4-K Associates, which took part
in the project. "While SETIhome may have a larger number of computers
involved, by number of computations applied, we were larger."
SETIhome allows home computer users to participate in an effort to
search for extraterrestial life.

The project was completed on April 4, when the researchers realized
they had found the key. Security firm Certicom Corp. sponsored the
effort and will award the researchers $10,000, most of which has
already been pledged to the non-profit Apache Web project.

The encryption method -- known as elliptic-curve cryptography, or ECC
-- is on track to be used in a number of wireless applications
including phones, handheld organizers and digital wireless wallets,
Khare said.

Such applications benefit from the fact the algorithm requires little
computational muscle to encode and decode data compared to other
methods, making it ideal for the underpowered processors typically
found in mobile devices.

Cracking the code is not so easy, however. If someone tried to test
out the effectiveness of ECC using a midrange PC, it would take almost
500 years to complete.

"That's why collaborative efforts like this are important," said
another project member, B.K. DeLong, research lead at ZOT Group, a Web
consulting firm. "It allows the community to mobilize and create a
network of distributed computing power to solve the problem together."

DeLong used two computers at home and several at a computer lab to
calculate about 6,000 possible solutions, or "points," for the
project. In total, the project required more than 2 million such
points to find the solution.

In practice, the encryption standard for wireless devices is expected
to be at least a million times stronger than that, said 4-K Associates
Khare. "This is key technology for the wireless future. What we did
was to take a step in proving that future is secure."

Certicom could not comment on the solution, as the company is still in
a quiet period preceding its initial public offering.

Berislav Kucan aka BHZ
bhznet-security.org
http://net-security.org

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]