Editing Data Encryption Standard (section)

=== Brute-force attack ===
For any [[cipher]], the most basic method of attack is [[brute-force attack|brute force]]—trying every possible key in turn. The [[key length|length of the key]] determines the number of possible keys, and hence the feasibility of this approach. For DES, questions were raised about the adequacy of its key size early on, even before it was adopted as a standard, and it was the small key size, rather than theoretical cryptanalysis, which dictated a need for a replacement [[algorithm]]. As a result of discussions involving external consultants including the NSA, the key size was reduced from 256 bits to 56 bits to fit on a single chip.<ref name="stallings-2006">Stallings, W. ''Cryptography and network security: principles and practice''. Prentice Hall, 2006. p. 73</ref>

[[File:Board300.jpg|thumb|The [[Electronic Frontier Foundation|EFF]]'s US$250,000 [[EFF DES cracker|DES cracking machine]] contained 1,856 custom chips and could brute-force a DES key in a matter of days—the photo shows a DES Cracker circuit board fitted with several Deep Crack chips.]]

In academia, various proposals for a DES-cracking machine were advanced. In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day.<ref name="dh-exh"/><ref>{{Cite web | url=http://hamburgsteak.sandwich.net/writ/bruting_des.html | title=Bruting DES}}</ref> By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. However, none of these early proposals were ever implemented—or, at least, no implementations were publicly acknowledged. The vulnerability of DES was practically demonstrated in the late 1990s.<ref>{{Citation|last1=van Oorschot|first1=Paul C.|title=A Known-Plaintext Attack on Two-Key Triple Encryption|date=1991|work=Advances in Cryptology – EUROCRYPT ’90|volume=473|pages=318–325|editor-last=Damgård|editor-first=Ivan Bjerre|place=Berlin, Heidelberg|publisher=Springer Berlin Heidelberg|doi=10.1007/3-540-46877-3_29|isbn=978-3-540-53587-4|last2=Wiener|first2=Michael J.|doi-access=free}}</ref> In 1997, [[RSA Security]] sponsored a series of contests, offering a $10,000 prize to the first team that broke a message encrypted with DES for the contest. That contest was won by the [[DESCHALL Project]], led by Rocke Verser, [[Matt Curtin]], and Justin Dolske, using idle cycles of thousands of computers across the Internet. The feasibility of cracking DES quickly was demonstrated in 1998 when a custom DES-cracker was built by the [[Electronic Frontier Foundation]] (EFF), a cyberspace civil rights group, at the cost of approximately US$250,000 (see [[EFF DES cracker]]). Their motivation was to show that DES was breakable in practice as well as in theory: "''There are many people who will not believe a truth until they can see it with their own eyes. Showing them a physical machine that can crack DES in a few days is the only way to convince some people that they really cannot trust their security to DES.''" The machine brute-forced a key in a little more than 2 days' worth of searching.

The next confirmed DES cracker was the COPACOBANA machine built in 2006 by teams of the [[Ruhr University|Universities of Bochum]] and [[University of Kiel|Kiel]], both in [[Germany]]. Unlike the EFF machine, COPACOBANA consists of commercially available, reconfigurable integrated circuits. 120 of these [[field-programmable gate array]]s (FPGAs) of type XILINX Spartan-3 1000 run in parallel. They are grouped in 20 DIMM modules, each containing 6 FPGAs. The use of reconfigurable hardware makes the machine applicable to other code breaking tasks as well.<ref>{{cite web
 | title = Getting Started, COPACOBANA — Cost-optimized Parallel Code-Breaker
 | url = http://www.copacobana.org/paper/copacobana_gettingstarted.pdf
 | date = December 12, 2006
 | access-date = March 6, 2012
}}</ref>  One of the more interesting aspects of COPACOBANA is its cost factor. One machine can be built for approximately $10,000.<ref>{{cite book
 | author = Reinhard Wobst
 | title = Cryptology Unlocked
 | url = https://archive.org/details/Cryptology_Unlocked
 | date = October 16, 2007
 | publisher = John Wiley & Sons
| isbn = 9780470060643
 }}</ref> The cost decrease by roughly a factor of 25 over the EFF machine is an example of the continuous improvement of [[digital hardware]]—see [[Moore's law]]. Adjusting for inflation over 8 years yields an even higher improvement of about 30x. Since 2007, [[SciEngines GmbH]], a spin-off company of the two project partners of COPACOBANA has enhanced and developed successors of COPACOBANA. In 2008 their COPACOBANA RIVYERA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's. SciEngines RIVYERA held the record in brute-force breaking DES, having utilized 128 Spartan-3 5000 FPGAs.<ref>[http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html Break DES in less than a single day] {{Webarchive|url=https://web.archive.org/web/20170828035212/http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html |date=2017-08-28 }} [Press release of Firm, demonstrated on 2009 Workshop]</ref> Their 256 Spartan-6 LX150 model has further lowered this time.

In 2012, David Hulton and [[Moxie Marlinspike]] announced a system with 48 Xilinx Virtex-6 LX240T FPGAs, each FPGA containing 40 fully pipelined DES cores running at 400&nbsp;MHz, for a total capacity of  768 gigakeys/sec. The system can exhaustively search the entire 56-bit DES key space in about 26 hours and this service is offered for a fee online.<ref>{{cite web| url = http://crack.sh| title = The World's fastest DES cracker}}</ref><ref>''Think Complex Passwords Will Save You?,'' David Hulton, Ian Foster, BSidesLV 2017</ref> However, the service has been offline since the year 2024, supposedly for maintenance but probably permanently switched off. <ref>{{cite web| url =https://crack.sh/get-cracking/| title = DES Cracker is currently down for maintenance}}</ref>